GDPR for dummies ;-)!
GDPR (General Data Protection Regulation) is a regulation that requires businesses to protect the personal data of individuals who are in the EU. It is a new framework for data protection law, designed to harmonise data privacy rules across Europe and to give individuals stronger protection rights. GDPR brings substantial changes for the public as well as for businesses and public bodies that handle personal information. It replaces the 1995 Data Protection Directive, on which current UK law is based. Today the internet is a space without borders, and it is an advantage that you can exchange data, buy or sell online and communicate however suits you. GDPR is intended to protect all of your personal and professional data, which is a positive step for privacy.
The GDPR introduces a new principle of accountability: data controllers must be able to demonstrate compliance, which means maintaining precise documentation, conducting a data protection impact assessment for higher-risk processing, and implementing data protection by design and by default. GDPR was adopted by the European Parliament and the European Council in April 2016 after four years of discussion, and was published in the Official Journal of the EU in May 2016. It comes into force on 25th May 2018. This two-year period was given to businesses and public bodies to prepare for the changes. GDPR experts will also help enterprises with the changes, since not everyone has this expertise in-house, and this will help them secure all the digital information they create, capture or store. Organisations must know which principles they need to adhere to; there are seven principles set out: lawfulness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability. All of these tenets are met if the organisation's internal privacy governance structure is set up correctly.
GDPR provisions are consistent across all 28 European member states, so every company has to meet one standard across the EU. That standard is quite high and requires a significant investment to administer. GDPR affects all companies with a presence in the EU, and even those with no EU presence that process the personal data of EU residents. Where non-compliance is found, GDPR violators are subject to administrative fines of up to €20 million, or 4% of worldwide annual turnover. The GDPR also allows data subjects to seek monetary damages in court. The ICO (the Information Commissioner's Office) has also created a 12-step guide for getting started with GDPR, covering:
- Awareness
- Information you hold
- Communicating privacy information
- Individual’s rights
- Subject access requests
- Lawful basis for processing personal data
- Existing Consent
- Children's data processing
- Data Breaches
- Data protection by design and impact assessment
- Data protection officers
- International standards
The new regulation is also an opportunity to review the contracts and other arrangements under which you share data with other organisations. It will have an enormous impact on your business model and give prominence to your planning process, so companies have to follow these key points to prepare for the GDPR:
- Prepare for data security breaches
- Establish a framework for accountability
- Embrace privacy by design
- Analyse the legal basis on which you use personal data
- Check your privacy notices and policies
- Bear in mind the rights of data subjects
- Being a supplier, consider new obligations as a processor
- Cross-border data transfers
The critical change in the GDPR is that data processors have direct obligations for the first time, including a commitment to maintain a written record of the processing activities carried out on behalf of each controller, to designate a data protection officer where required or appoint a representative in certain circumstances, and to notify the controller without undue delay on becoming aware of a personal data breach. Taking action now and making sure you are compliant is the best course of action. You will have to find your place under the new rules, so make sure you are on a comfortable footing.
Mariama, good you shared this, because many outside the EU have not arrived at an adequate understanding of these GDPR regulations in the EU. All organisations must adapt and adopt.