GDPR (The EU General Data Protection Regulation)
“There’s a lot in the GDPR you’ll recognise, but make no mistake, this one's a game changer for everyone.”
ICO Information Commissioner
What is GDPR?
The General Data Protection Regulation (GDPR) is a new European regulation which governs the data protection rights of all individuals within the European Union. It serves to strengthen and unify data protection rules and practices across the EU. In short, it gives greater power to the individual over how their personal data is used and by whom, and gives them the right to access, amend and restrict the personal data that organisations hold about them.
Does GDPR affect you / your business?
The short answer is yes. GDPR affects anyone holding data on EU citizens, including companies not based in Europe. The ICO have confirmed that GDPR will still be a part of UK law post-Brexit; this was also a point raised in the Queen's speech. If your business offers goods and/or services to citizens in the EU and you have captured their data (name, number, email, IP details), then you are subject to GDPR regulation.
Are your marketing activities and processes GDPR compliant?
It is key to ensure your processes cover all the rights the individuals have, including how you delete personal data, transport data and provide data electronically (e.g. in a commonly used format). Be aware that you have to be able to demonstrate how you accommodate the following rights for individuals:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
The right not to be subject to automated decision-making, including profiling
What happens if my business is not GDPR compliant?
You had until the 25th May 2018 to be fully compliant with GDPR. Once GDPR came into force, failure to comply could result in a two-tiered sanction regime: lesser incidents are subject to a maximum fine of either €10 million (£7.9 million) or 2% of an organisation's global turnover (whichever is greater), while the most serious violations could result in fines of up to €20 million or 4% of turnover (whichever is greater), imposed under the Regulation by the ICO (Information Commissioner's Office).
What is the difference between a data controller and a data processor?
A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while a processor is an entity that processes personal data on behalf of the controller. For example, Novus Business Connections are processors, as we are instructed by our clients (the 'controllers') to process (call) their dataset. GDPR places greater responsibility on both parties to ensure stronger accountability than before. With good, transparent communication between controller and processor, alongside robust processes, understandings and agreements, GDPR will further strengthen the relationship between these entities.
Want to find out how Novus are GDPR compliant? Contact us below
Contact us by phone, email or complete the form below and we will be in touch!