General Data Protection Regulation

What is GDPR? General Data Protection Regulation is what the European Commission has created. This was first raised in January 2012 to redo the data protection act across the European Union. It’s main reason for redoing the system was to make Europe better ‘fit for the digital age’. Since 2012, an agreement was reached in December 2015 and it details what is involved and how it will be enforced. Since this has been applied to all countries within the European Union, it has affected businesses and individuals all over. Even though an agreement was settled at the end of 2015, it was not fully implemented until May 2018 and all nations where expected to have it in their own national law by 6 May 2018.

Also, since the UK is set to leave the EU soon, the UK government has stated that “this won’t impact on GDPR being enforced in the country and GDPR will work for the benefit of the UK”. If you break down what GDPR really stands for, it is just a new set of rules designed to give EU citizens more control over their personal data. It tries to favour business and individuals in terms of digital economy so everyone is being treated fairly. The European Union designed this reform to reflect the world we’re living in today. With this, it brings laws and obligations. This includes anyone who stores information, such as personal data. Also, the current way the world is going, nearly everywhere we go or anything we do, it all revolves around data. A few of the ways data is accessed is through social media, banks, retail shops and government procedures. Many companies had to prepare for the GDPR implementation, there were checklists that companies provided to help make sure that you were completely secure and safe when this new law was placed. These steps are what most companies would have taken to ensure they are not going to get any penalties; Map your company’s data. This is where the organisation would map all their personal data in the entire business and document what they did with the data.

Find the easiest way to access and store the information with it still being very secure. Also, they would have had to make sure they knew who could access it and ensure no one gets unauthorised access. Don’t keep unnecessary data, one of the rules in the GDPR is that it will encourage a more disciplined treatment of personal data. Along with knowing who can access the data, the organisations had to put security measures in place. This could include more security to reduce the change of a data breach and it can also include quick methods to let individuals and authorities know. Since this has been implemented, people who fail to comply with this new law obviously must pay a penalty for breaking the law. Before it gets anywhere near close to a fine, there is a range of different stages to go through. These include warnings and reprimands which is when you impose a temporary or permanent ban on data processing, ordering the rectification, restriction or reassure of data and suspending data transfers to third countries. All of these could completely ruin a business. When it comes to fines, there are two tiers.

The first is; ‘Up to 10 Million Euros or 2% annual global turnover – whichever is higher’ and the second is; ‘Up to 20 Million Euros or 4% annual global turnover – whichever is higher. ’ These fines are discretionary and not mandatory, they must be imposed on a case-by-case basis and must be ‘effective, proportionate and dissuasive. ’ The fines are calculated depending on what article the organisation has breached. Infringements of the organisation’s obligations, including data security breaches, will be given a lower level punishment. However, if infringements of an individual’s privacy rights are breached, then the organisation will be subject to a higher-level punishment. When it comes to personal security for individuals and the public, there are many benefits. Some of these include; the right to access. This means that the individual has the right to request access to their own personal data from a company after it has been gathered. The company needs to provide you with this information, if they don’t, they are not complying with GDPR. They are also allowed to be forgotten, this is when a customer contacts a company to withdraw their information for whatever reason, the company must comply with this request. If the individual wants to transfer any of their information from one service provider to another, they are capable to do so with GDPR. Companies must let customers know before any information is gathered and customers have the right to withdraw but if the consumer wants their information stored, they must opt in for it to be gathered in the first place. Individuals can request that their data is not used for processing, their record can remain with the organisation but cannot be used. Finally, one of the most major issues is that the customer must be told if there has been any sort of data breach within a company which compromises the individual's personal data. The organisation must be informed within 72 hours of the original breach.

To conclude, since everything in the current day is getting more and more technology dependant, data is something that has always been attached to technology and the government will do all they can to protect companies and individuals from being ‘used’ against personal data abuse. You can really tell what a good company is compared to a bad company since GDPR has been implemented. Companies who show they value a customer’s privacy and who are transparent about how their data is being used and when, will always have a better relationship with the individual compared to companies who don’t tell you anything, let alone a data breach. However, even though many companies are settled and have adapted to the new laws of GDPR, there are still many smaller organisations who are still trying to get away with not complying, which will always end in a bad way.