GDPR is a Europe-wide regulation to make sure personal data (like your e-mail address, phone number, postal address, or your phone's GPS location) stays safe. Not being compliant with GDPR means risking a fine of 4% OR 20 million Euro (whichever is higher), or 2% OR 10 million
Enforcement began on May 25th 2018, yet compliance is still an issue: many companies are still struggling with it, mostly because it seems too overwhelming to understand. It is not!
In the UK, the ICO is the body that enforces GDPR and ultimately decides which level of fine is issued to a company following a GDPR breach.
GDPR is not the beast that many ‘experts’ make it out to be, and the ICO is not simply handing out fines to businesses like a parking attendant on a bank holiday weekend. If a company suffers a breach, provided it can demonstrate that reasonable attempts were made to protect customer data, it is unlikely to incur a fine.
Some of the key privacy and data protection requirements of the GDPR for a company include:
- Requiring the consent of subjects for data processing
- Anonymizing collected data to protect privacy
- Providing data breach notifications
- Safely handling the transfer of data across borders
- Requiring certain companies to appoint a data protection officer to oversee GDPR compliance
Simply put, the GDPR mandates a baseline set of standards for companies that handle EU citizens’ data to better safeguard the processing and movement of citizens’ personal data.
GDPR is not just about obligations for companies; it also establishes a number of rights for users:
- The right to be forgotten: having your data deleted at your request.
- The right to see or change (rectify) your own data.
- The right to be notified when a company leaks your data.
- The right to object to certain processing of your data (for example, an automated system that doesn’t take your full situation into account).
- The right to request your data in a machine-readable form (not necessarily Excel sheets, but standardized formats such as .json, .csv, or .xml files).
Data here means anything that can be traced back to you: e-mail addresses, date of birth, phone number, usernames, GPS locations, etc.
It also means having to click that “Yes, I’m okay with your privacy statement” button, because recording the fact that you consented to a company's data collection is also part of the GDPR.