
New to GDPR The basics explained in one page

GDPR is the new Data Protection Act (General Data Protection Regulation)


  • The GDPR law was passed on May 28th 2018 and brought with it obligations concerning working with personal information

  • These obligations impose new rules on how individuals' private data is processed and stored

  • Penalties for non-compliance can be as much as 4% of annual turnover


What are the headline points in the act?


  • To store and process personal information, a valid legal basis for that activity must exist

  • Individuals have new rights which a company is obligated to respond to

  • A Data Protection Officer is required for larger, higher-volume processors and controllers of data

  • Breaches must now be reported to the regulator within 72 hours

  • Data processing systems and processes must be designed with protection in mind (Privacy by Design)

  • New policies and procedures concerning the above must be implemented to reflect GDPR law, especially Data Subject Rights and breach procedures

  • International safeguards must be applied if data is transferred out of the country

  • Risk assessments may be required on personal data (DPIAs and LIAs)

  • Documentation of processing activities needs to be in place (Art. 30)

  • Compliant contracts with your suppliers will need to be in place

  • A review of how you collect consent or opt-in for marketing will be required, and if it is not compliant you may have to stop marketing

  • Data retention policies will need to be applied to processes


What are the headline items that organisations need to be doing now?


  • A fundamental review of the organisation's affected data is required

  • A target operating model will need to be designed

  • A programme is required to close the gaps identified in the above analysis

  • Vendors will need to be selected to meet the data requirements of the act

  • Processes, policies and procedures will need to be designed to meet the requirements of the act

  • Direct marketing rules are more onerous as a result of the new obligations, and behaviour may need to be altered

  • Data storage locations, including third-party service providers, will need to be reviewed


Disclaimer: these are the basic headline items; there is much more to uncover in the detail. I can help formulate your programme.
