What are the GDPR Regulations?
General Data Protection Regulation.
UK GDPR legislation was introduced to enforce the EU regulation.
Its purpose is to provide a high standard of protection for personal data, and to create a uniform and harmonised level of protection for personal data within the EU so that the free movement of personal data within the Union is not hindered.
What are the key principles of the GDPR?
What roles are defined under GDPR?
The Controller - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The Processor - ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
What are the key individual rights under GDPR?
What are the penalties associated with GDPR?
Maximum fines of 20M Euro or 4% of global turnover for the preceding year.
E.g. Amazon were fined £636m.
What should a company do to ensure compliance?
Map the company’s data - understand what data is being stored, how it is being stored and why it is being stored, and identify any risks.
Determine what needs to be kept.
Develop safeguards and security.
Review all privacy statements.
Establish robust, GDPR-compliant data collection procedures.
What is ISO 9001?
A quality management accreditation from the International Organisation for Standardization.
It sets the requirements for how firms should control data and documents relevant to the service they provide.
It sets the requirements for a company’s Quality Management System (QMS), which concerns the management of the entire enterprise and its operational processes.