The General Data Protection Regulation (GDPR) is the biggest change in data protection laws for 20 years, and when it comes into effect on May 25th, 2018, it intends to give European citizens back control over their personal data. Its impact won’t just be felt in Europe though, as it will have wider implications for companies across the world that hold data on the continent. While great news for individuals, it presents complex problems for companies. As a case in point – they could face fines running into tens of millions of Euros if they breach the new directive. With that in mind, here are a few answers to some key questions.
It's a new set of rules governing the privacy and security of personal data laid down by the European Commission. The new single data protection act will make major changes to all of Europe’s privacy laws and will replace the outdated Data Protection Directive from 1995.
What is the point of the new laws?
They have been designed to give power back to citizens over how their data is processed and used. Under the new rules, individuals have “the right to be forgotten”, meaning they will be able to request that businesses delete personal data that is no longer necessary or accurate. Plus, the intention is to simplify the regulatory environment.
How will this impact individuals?
As well as the right to be forgotten, the law holds provisions that could potentially increase consumers’ rights over their data. But there is a huge grey area about how it will apply in reality. The laws mean that in theory people could ask social networks like Facebook to delete their profiles entirely. Laws relating to freedom of expression will stop “the right to be forgotten” extending to news articles. But there is the potential for individuals to transfer their data from one service to another more easily – which is great news for consumers, making it simpler to swap utilities, insurance or ISPs.
How will this impact my business?
This shake-up of data protection laws is all well and good for individuals, but it could mean huge fines for businesses that don’t comply with the laws. This is because data breaches have become increasingly common in recent years. However, giving citizens back control of their complex personal data is not necessarily easy. Plus, working out how to give it back to them, and how to ensure it is stored adequately throughout employment and then deleted securely, is a bit of a technical and HR minefield.
How much are the fines?
The biggest change to the law is the increase in the amount of money regulators can fine companies that do not comply – up to 4% of their global turnover or 20 million Euros, whichever is greater. This threat is certainly big enough to frighten companies into changing their data dealings.
What should my business do with confidential waste on a day-to-day basis?
The new regulation states that all redundant paper should be stored in a secured locked unit before being shredded appropriately. This is to stop confidential documents being potentially read by unauthorised members, such as cleaners or contractors. At Elite, we can provide you with the following console which fits perfectly into any office environment. The consoles are lined with a nylon sack, and the paperwork sits securely stored within the locked console prior to collection.
If you'd like more information regarding GDPR, or would like to proceed with a collection, please email us by clicking the link below.