We’re just over 12 months away from the implementation of the European Union’s General Data Protection Regulations. The latest statistics suggest that many businesses have not yet begun to tackle implementing the requirements of GDPR; however, more and more are now realising that it is something that they need to start thinking about urgently. We take a look at some of the most commonly asked questions about the implementation of GDPR and how it will affect businesses across Europe and beyond.
What Is GDPR?
GDPR stands for the General Data Protection Regulations and is the result of many years’ work by the European Union to bring data protection into line with the new and previously unforeseen ways that data is now used.
What Are The Reasons For The Implementation Of GDPR?
There are two main drivers behind the new General Data Protection Regulations.
- The European Union want to give people more control over how their personal data is used by organisations. It’s important to understand that much of the current legislation was written before the internet opened up far more ways to use and exploit data, such as how Google and Facebook swap access to people’s data in return for the use of their services. As the digital economy gets stronger and grows, it is hoped that improved regulation of data will improve trust across the spectrum.
- The European Union also want to give businesses a clearer and simpler legal environment in which to operate by making data protection laws uniform across Europe.
Who Does GDPR Apply To?
Essentially, controllers of data and processors of data are required to abide by the GDPR. Controllers are those that say how and why personal data is processed, whilst processors are the parties that do the actual processing of the data. So, for example, the controller could be a company or a government department and the processor could be a third party firm that they outsource their data processing to.
Do the General Data Protection Regulations Only Apply To EU Countries?
Whilst the GDPR is a European Union regulation, it doesn’t just apply to those countries in the EU. Even if controllers and processors of data are based outside of the EU, if they are dealing with data belonging to EU residents, then they will have to comply with the General Data Protection Regulations. Essentially, that means any company doing business in the EU will have to comply with GDPR.
Will The GDPR Apply To The UK?
Yes, because the UK will not have left the EU by May 2018. It will also apply to any organisations in the UK post-Brexit who control or process any data that belongs to European Union residents.
Is Full Compliance Needed By May 2018?
Yes. Any organisations failing to comply with the GDPR that will come into force on May 25 2018 will face the possibility of fines. Organisations could be issued with a penalty of up to €20 million or 4% of global annual turnover, whichever is greater.