The European Union’s General Data Protection Regulation (GDPR) comes into force in May 2018, radically changing the way organisations have to look after our personal data. Failure to comply could lead to huge fines, yet many businesses are far from ready. Here’s why you should care.
What is GDPR exactly?
A new EU regulation governing how organisations should handle and protect our personal data.
Many of the stipulations are already covered by the UK’s Data Protection Act, but simply put, organisations need to keep records of all personal data, be able to prove that consent was given, and show where the data is going, what it’s being used for, and how it’s being protected.
Accountability is the new watchword.
If personal data gets stolen after a cyber-attack, companies have to report the breach within 72 hours of realising it.
And the definition of personal data has been extended to include extra categories such as your computer’s IP address or your genetic make-up – anything that could be used to identify you.