© 2019 Novus Business Connections | Registered in England and Wales, company number 10900544 | Privacy Policy

GDPR (The EU General Data Protection Regulation) 

“There’s a lot in the GDPR you’ll recognise, but make no mistake, this one’s a game changer for everyone.”

Elizabeth Denham
ICO Information Commissioner

What is GDPR? 

The General Data Protection Regulation (GDPR) is a new European ruling which governs the data protection rights of all individuals within the European Union. It serves to strengthen and unify data protection rules and practices across the EU. In short, it gives individuals greater power over how their personal data is used and by whom, and gives them the rights to access, amend, and restrict the personal data that organisations hold about them.

 

 

Does GDPR affect you / your business? 

The short answer is yes. GDPR affects anyone holding data on EU citizens, including companies not based in Europe. The ICO have confirmed that GDPR will still be a part of UK law post Brexit; this point was also raised in the Queen's speech. If your business offers goods and/or services to citizens in the EU and you have captured their data (name, number, email, IP details), then you are subject to GDPR regulation.

 

 

Are your marketing activities and processes GDPR compliant?

It is key to ensure your processes cover all the rights individuals have, including how you delete personal data, transport data and provide data electronically (e.g. in a commonly used format). Be aware that you have to be able to demonstrate how you accommodate the following rights for individuals:

 

The right to be informed 

The right of access

The right to rectification

The right to erasure 

The right to restrict processing

The right to data portability 

The right to object 

The right not to be subjected to automated decision-making including profiling

 

 

What happens if my business is not GDPR compliant? 

You had until the 25th May 2018 to be fully compliant with GDPR. Failure to comply once GDPR came into force could result in a two-tiered sanction regime, with lesser incidents subject to a maximum fine of either €10 million (£7.9 million) or 2% of an organisation's global turnover (whichever is greater). The most serious violations could result in fines of up to €20 million or 4% of turnover (whichever is greater) from the Regulation and the ICO (Information Commissioner's Office).

 

 

What is the difference between a data controller and a data processor?

A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller. For example, Novus Business Connections are processors, as we are instructed by our clients (the 'controller') to process (call) their dataset. GDPR brings in greater responsibility for both parties to ensure stronger accountability than before. With good, transparent communication between controller and processor, alongside robust processes, understandings and agreements, GDPR will further strengthen the relationships between these entities.

 
