GDPR. What does it stand for? Why do you need to know about it? Don’t we already have data-protection regs? And what’s for tea?
You’ve probably heard about GDPR. But what does it all mean? The General Data Protection Regulation, in force from 25 May 2018, is the biggest shake-up in data protection since the days of the Spice Girls. (And some of Geri Halliwell’s intellectual-property documents were a revelation.)
Here’s the shortest summary of GDPR you’ll ever read. Cos we can’t afford a long one.
1. GDPR applies to everyone. Even you.
GDPR applies to every business there ever was, ever, that processes EU citizens’ personal data. They’ll all have to comply.
2. The definition of personal data is wider
What counts as personal data has put on weight. Any data that can be used to identify an individual is now personal data.
3. New rules on consent
Consent to use data must be valid. It will be more important than ever for organisations to explain exactly what personal data they’re collecting and how it’ll be processed and used.
4. You might need a DPO
If your business processes personal information, you might need a data protection officer (DPO). The International Association of Privacy Professionals (a fine body of men) reckons that 28,000 DPOs will need to be appointed in Europe alone. Time for a career change?
5. Mandatory PIAs
Where privacy-breach risks are high, your DPO might have to prepare a mandatory Privacy Impact Assessment (PIA) to minimise risks to data subjects.
6. Being forgotten is a right
If someone asks you to delete data you hold on them, be prepared to do so.
7. Liability beyond data controllers
GDPR extends liability from data controllers to all organisations that touch personal data.
8. Privacy by design
You’ll need to design-in privacy in systems and processes. All software must be able to completely erase data.
9. Bye-bye Ireland
US corporates have loved Ireland because of its slightly vague attitude to data protection. But now that DP is being tightened up, the Emerald Isle is less attractive. (Although the lovely scenery and a pint of Guinness remain appealing.)
So, there we have it. Reduced GDPR. And fishcakes. Fishcakes are for tea.