e-Careers

GDPR Overview

If you work for a company that deals with customer information or data, I’ll put my house on the fact that you would have heard of GDPR.

If you haven’t, I’m afraid you can’t have my keys as we didn’t shake on it, but please read on.

GDPR stands for General Data Protection Regulation and it is the latest update to regulation in European Union law on data protection and privacy. The definition of GDPR is that it is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.

It has more than likely come into play thanks to PPI and other such nuisances who call and pester you, but that’s just my opinion.

After four years of preparation and debate, GDPR was approved by the EU Parliament on 14th April 2016, with an enforcement date of 25th May 2018, by which time all organisations that are based within the EU, or handle information of customers who reside within the EU, must become compliant.

GDPR fines

If your company is not compliant with GDPR, you will face fines of up to €20 million, or 4% of your global turnover (whichever is higher). You will also need to pay compensation claims for damages suffered, and these costs will have an adverse effect on your reputation and the trust your consumers have in your company.

The aim of GDPR is to provide harmonisation of the data protection regulations throughout the EU, helping non-EU companies to comply with the regulations put in place.

What does GDPR mean for you?

Well, that entirely depends on what role you have. If you process the data, or work with customer information, then you need to at least have an understanding and awareness of what GDPR is so that you don’t get caught out.

If you are a Director, in charge of security or governance, then you must have a full understanding of GDPR, and if you have any gaps within your organisation which don’t comply with GDPR then you need to ensure there are steps in place to guarantee compliance so you can avoid those fines.

Some of the key privacy and data protection requirements of GDPR include:

  • Requiring the consent of subjects for data processing
  • Requiring parental consent if the subject is 16 or under
  • Anonymising collected data to protect privacy
  • Providing data breach notifications
  • Safely handling the transfer of data across borders
  • Certain companies will need to appoint a Data Protection Officer to oversee GDPR compliance

e-Careers offers an introductory course on GDPR for anyone who needs awareness, but if you are a business and would like to become aligned to the requirements of GDPR, we offer a total solution for your needs. To find out more, click here. If you would like further information on GDPR, you can find it over at the Information Commissioner's Office by clicking here.