The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).
GDPR, created by the EU Commission, will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU.
Does it affect my business?
In the UK, GDPR will replace the Data Protection Act 1998, which was brought into law as a way to implement the 1995 EU Data Protection Directive. GDPR seeks to give people more control over how organisations use their data, and introduces hefty penalties for organisations that fail to comply with the rules, and for those that suffer data breaches. It also ensures data protection law is almost identical across the EU.
Fines can be up to €20 million or 4% of global turnover – whichever is higher.
Compliance Consultant has decades of experience in dealing with UK and EU regulation and legislation, and is ideally placed to help you manage your responsibilities. We can conduct audits, provide training, create documents and show you how and where to record your specific risks and mitigation measures to ensure the required standard of data protection.
What constitutes personal data?
Any information related to a natural person, or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.