General Data Protection Regulation (GDPR)
What is GDPR?
The European Parliament adopted the GDPR in April 2016, replacing the UK Data Protection Act 1998. It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU. The provisions are consistent across all EU member states, which means that companies have just one standard to meet within the EU. However, that standard is quite high and will require most companies to make a large investment to meet and to administer.
What companies does GDPR affect?
Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if it does not have a business presence within the EU. Specific criteria for companies required to comply are:
- A presence in an EU country.
- No presence in the EU, but it processes personal data of European residents.
- More than 250 employees.
- Fewer than 250 employees, but its data processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data.
What data is affected?
The GDPR applies to personal data. This is any information that can directly or indirectly identify a natural person, and can be in any format.
The Regulation places much stronger controls on the processing of special categories of personal data. The inclusion of genetic and biometric data is new. Affected data includes:
- Email address
- IP address
- Location data
- Online behaviour (cookies)
- Profiling and analytics data
- Political opinions
- Trade union membership
- Sexual orientation
- Health information
- Biometric data
- Genetic data
What we can do for you
With the appropriate framework in place, not only will you be able to avoid significant fines and reputational damage, you will also be able to show customers that you are trustworthy and responsible. We are here to help.
- Review any contractual agreements.
- Review existing processes.
- Provide required recommendations for internal consideration and adoption.
- Provide input, support and advice, help create a GDPR implementation plan, and then sign off when completed.
Please get in touch on the right-hand side for more information, and check out our handy 10 Step GDPR Guide.
To get in contact with one of our GDPR Experts and to make sure your business is compliant, please fill out the form below and one of our experts will be in touch.