If you browse online you have surely come across banners and articles about GDPR. Let us quickly break down what it actually is: GDPR stands for General Data Protection Regulation – a European Union driven initiative that defines how you are to deal with data relating to EU citizens. The regulation will come into force on 25th of May 2018.
But What About Brexit?!
Many people will straight away ask: but we are going through Brexit – surely it will not be applicable in the UK? Well, that is incorrect. The GDPR has been approved in the UK and will replace the Data Protection Act that is currently in force; additionally, the GDPR applies to any organisation in the world the moment it processes any EU citizen's data.
So what does GDPR require us to do?
Compliance with the GDPR is required the moment you are processing or storing personally identifiable information about any EU citizen. Data protection has to be implemented by design in all new processes and applications; while previously a good practice, it is now an explicit requirement. You are required to make the best effort to protect and store customer data securely. The customer has the right to request that their information be erased, as well as to request that their data be transferred to another provider.
What if there is a breach?
That is the key item the GDPR deals with – under the new legislation you will be required to notify customers as well as local regulators about a breach within 72 hours of finding out about it. You are exempt from notifying individuals if you have implemented appropriate technical and organisational measures to protect the personal data, such as encryption.
Is there anything else I need to know?
Yes – part of the GDPR is an obligation for certain organisations to appoint a Data Protection Officer (DPO). This can be an internal member of staff or an external consultant. Your DPO will be responsible for monitoring compliance with the GDPR, advising you of your obligations, advising on when and how a privacy impact assessment should be carried out, implementing compliance measures, and acting as the contact point for enquiries from national data protection authorities and individuals.
How can Intrepid help you?
As an organisation with GDPR certified individuals, we have already been working for a while on implementing ISO certifications as well as data protection at a number of clients; we understand the requirements, the challenges and the key changes required. We have also trained our consultants as GDPR Certified Practitioners, who can provide you with the guidance and support needed to become compliant. We are also happy to provide a Data Protection Officer service on a consultancy basis: while the role becomes a requirement for a lot of organisations, it can be filled by an external consultant.