GDPR for Business and Individuals

GDPR for Business and Individuals

GDPR for Business and Individuals

The General Data Protection Regulation (GDPR) will come into force on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive. This will see new changes around GDPR for business and individuals.
 The General Data Protection Regulation will give greater control to individuals over their personal data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by organisations and businesses.

GDPR For Individuals

The GDPR is based on the core principles of data protection which exist under the current law. These principles require organisations and businesses to:

  • collect no more data than is necessary from an individual for the purpose for which it will be used;
  • obtain personal data fairly from the individual by giving them notice of the collection and its specific purpose;
  • retain the data for no longer than is necessary for that specified purpose;
  • to keep data safe and secure; and
  • provide an individual with a copy of his or her personal data if they request it.

Under the GDPR individuals have the significantly strengthened rights to:

  • obtain details about how their data is processed by an organisation or business;
  • obtain copies of personal data that an organisation holds on them;
  • have incorrect or incomplete data corrected;
  • have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data;
  • obtain their data from an organisation and to have that data transmitted to another organisation (Data Portability);
  • object to the processing of their data by an organisation in certain circumstances;
  • not to be subject to (with some exceptions) automated decision making, including profiling.

GDPR For Business

The General Data Protection Regulation (GDPR) very significantly increases the obligations and responsibilities for organisations and businesses in how they collect, use and protect personal data. At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities.

Organisations and businesses collecting and processing personal data will be required to meet a very high standard in how they collect, use and protect data. Very importantly, organisations must always be fully transparent to individuals about how they are using and safeguarding personal data, including by providing this information in easily accessible, concise, easy to understand and clear language.

12 Step Guide on GDPR

The Data Protection Commissioner has issued a 12 step guide on GDPR that includes:

  1. Becoming Aware
  2. Becoming Accountable
  3. Communicating with Staff and Service Users
  4. Personal Privacy Rights
  5. How will access requests change
  6. What we mean when we talk about a ‘Legal Basis’
  7. Using customer consent as a grounds to process data
  8. Processing Children’s Data
  9. Data Protection Impact Assessments (DPIA) and Data Protection by design and default
  10. Reporting data breaches
  11. Data Protection Officers
  12. Cross-border processing and the one-stop shop

You can see all of the information in the GDPR 12 step guide here.

The General Data Protection Regulation significantly changes data protection law in Europe, strengthening the rights of individuals and increasing the obligations on organisations. Get aware, and get prepared.

#HireTheBest @MerrionPeople