Coming into law in 2018 with onerous compliance and powerful enforcement. Are you ready?
GDPR is legislation that requires compliance by 25th May 2018. It is designed to reinforce the data protection rights of individuals and to facilitate the free flow of personal data in the digital single market of the EU. Any company that handles personal data must comply.
The legislation swings the control and protection of personal data even further towards the individual and companies must demonstrate their duty of care.
The new legislation is supported by very substantial fines of up to 4% of gross global annual turnover per breach, and 2% of gross global annual turnover per technical non-compliance. And the regulator is funded by income from fines. In addition, there is the risk of reputational damage, putting at risk the trust of customers, prospective customers, employees, partners, suppliers and regulators.
If you are dealing with personal data then you should be paying attention right now. The use of personal data is pervasive in the majority of service organisations.
Principles for processing personal data
Lawfulness, fairness & transparency
• Data must be processed lawfully, fairly and in a transparent manner in relation to the data subject
• Data must only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
• Data collected must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Integrity & confidentiality
• Data must be processed in a manner that ensures appropriate security of the personal data using suitable technical or organisational measures
• Data must be accurate, up to date and every reasonable step must be taken to ensure that inaccurate data are rectified or deleted without delay
• Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary
Identifying GDPR compliance requirements
GDPR applies to you if you’re dealing in personal data. Data is personal data where:
• A living individual can be identified from the data, or, from the data and other information in the possession of, or likely to come into the possession of, the data controller
• The data ‘relates to’ an identifiable living individual, whether in personal or family life, business or profession
• The data has the potential to impact on an individual, whether in a personal, family, business or professional capacity
Special Categories of Personal Data:
Personal data revealing:
• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic and biometric data
• Data concerning health or a person’s sex life or sexual orientation
• Criminal convictions and offences
Examples of data subjects to whom personal data may relate:
• Prospect / Applicant
• Customer / Ex Customer
• Power of Attorney
• Child / Legal Guardian
• Current Employee
• Ex Employee / Pensioner
• Dependent / Next of Kin
• Contractor / Temp
What do you need to do?
You must fully understand your data and identify where GDPR applies. You must then ensure that all systems and processes can demonstrably deliver compliance. And once compliance is in place it must be maintained as processes, systems and regulation change.
At Enterprise Blueprints we are supporting a number of clients to understand the impact of GDPR. We have a proven ASSESS-APPLY-AUDIT approach that can help your organisation be GDPR ready.
The earlier you act, the more assurance you will have that your organisation will be ready in 2018. With one year to go, now is the time to take action.
Enterprise Blueprints is an established consultancy, able to demonstrate benefits with flexibility and speed.
We know you need to see value within weeks not months. We are based in the UK and will assign an experienced team to work with you every step of the journey, from start to successful conclusion of any engagement. Our architects have extensive experience in the financial services industry and have the expertise to deliver to challenging timelines. We are biased towards action rather than extended discussion and our approach has consistently helped our clients deliver complex projects successfully.