What is the GDPR?
The General Data Protection Regulation (GDPR) is a new EU legal framework which will replace the current UK Data Protection Act 1998. The GDPR will apply in the UK from 25 May 2018 and will have a significant impact on organisations’ data practices.
Who will be affected?
Most organisations covered by the existing Data Protection Act will also be subject to the GDPR.
A significant difference with the GDPR is that it also applies directly to ‘processors’, which have carried little direct liability until now. ‘Controllers’ determine the purposes and means of processing personal data, while ‘processors’ process that data on behalf of controllers. Whereas under the current Act ‘controllers’ are the ones mainly held responsible for data breaches, the GDPR imposes obligations on both ‘controllers’ and ‘processors’, with different duties specified for each group.
In addition, the GDPR will not just apply to companies headquartered in the EU, but to any organisation processing the personal data of individuals in the EU, regardless of where that organisation is based.
Complying with the GDPR
In light of Brexit, the British Government has confirmed that the new regulation will still apply. Brexit is not expected to have an impact on the GDPR, and companies which hold or process EU personal data will need to comply regardless of where the company is based.
The GDPR introduces a variety of changes from the existing Act, and companies need to understand which of these changes they must implement. The changes include:
- Broader definition of personal data: any data from which an individual could be identified, directly or indirectly. This includes genetic, mental, cultural and social details, names, photographs, bank and medical details, and online identifiers such as IP addresses.
- Clearer consent: companies will not be able to rely on ambiguous language, silence or pre-ticked boxes; consent will have to be freely given, specific, informed and signalled by a clear affirmative action, and it must be as easy to withdraw as it was to give.
- Right to be forgotten (right to erasure): individuals will be able to require organisations to delete their personal data in defined circumstances, for example when it is no longer needed for the purpose it was collected for or when consent is withdrawn.
These are just a few of the important new rules that organisations will need to comply with from May 2018. To ensure compliance with the GDPR, companies need to start preparing as soon as possible. Fines for non-compliance can be serious: the maximum financial penalty is €20 million or 4% of annual global turnover, whichever is greater.
At Mobile Worker Plus, we process vast amounts of data on behalf of our customers, as well as providing them with the tools and apps that enable compliance for their mobile workers in the field. We have been preparing for the upcoming legislative change and are on the path to being fully compliant with the upcoming changes.