The General Data Protection Regulation (“GDPR”) comes into effect on the 25th May 2018. This will affect every business both large and small and so it is essential all organisations ensure they have appropriate policies, procedures and protocols in place.
It will replace and update current European Union laws on data protection. It will have direct effect in Irish law, and Irish individuals and organisations must comply with the new regulations. The new law aims to take a more transparent and protective approach to data regulation.
The new regulations impose much stricter obligations on any organisation that collects, retains or processes data. They will give greater rights to individuals whose personal data is collected, retained or processed by any organisation. They are designed to allow individuals to have more control over how their data, personal or otherwise, is collected, retained or processed.
This new regulation will impact businesses across all industries, and not just organisations with a physical presence in Europe. Even if a business is based outside of the EU but is processing the personal data of EU individuals in relation to offering goods/services, or monitoring the behaviour of individuals in the EU, it is now also subject to its requirements.
It will give more power to the Data Protection Commissioner, such as allowing the Commissioner to impose fines on organisations found to be in breach of its requirements. It introduces a two-tier system of fines, depending on the type of non-compliance. The lower tier provides for a fine up to the higher of €10,000,000 or 2% of the organisation's total worldwide annual turnover. In the upper tier there is the potential for fines up to €20 million or up to 4% of the organisation's global turnover. It will also permit individuals to seek compensation through the courts for breach of data privacy even in circumstances where no material damage or financial loss is suffered.
The Data Protection Commissioner has provided guidance for organisations to help ensure they are compliant with the new regulations, including becoming aware, becoming accountable, communicating with staff and service users, and considering the legal basis of the regulations.
The general takeaway from the GDPR is that it requires organisations to proactively ensure that privacy is built into their systems and processes.