What Does the EU GDPR Mean for My Business?

The EU GDPR (General Data Protection Regulation) is a new regulation passed by the European Parliament in April of this year. While it does not come into effect until 2018, it supersedes all data protection acts for any businesses doing business with EU companies or storing any EU citizen’s information.

It is important that all businesses comply with the EU GDPR before it comes into effect. The penalties are very significant; with fines of up to €20 million there is a very real risk that breaching the regulation could spell the end for a small to medium business.

So what does the EU GDPR entail? It is essentially a set of definitions and regulations regarding the personal data of EU citizens. Almost all companies must abide by this regulation, not just companies in the EU – if any aspect of your business deals with, or allows dealing with, an EU citizen’s data, you must abide by the EU GDPR or risk facing the penalties for non-compliance.

The most significant change will be in what data must be protected, and how it is protected. Many details will be considered sensitive, and must not be stored if not needed for the standard function of the business, and must only be stored as long as it is needed.

Parental consent will also be required to store or process any data on children under 16 (or 13 in EU member countries.) This consent must be informed and direct – without a clear and completed consent form data may be stored or processed on minors.

Do you have a data breach action plan in place? The new regulations also include strict timing and response requirements in the case of a data breach. The most important aspect of this is that breach victims must be notified about the breach within 72 hours in most cases, a much shorter timespan than most companies have responded to breaches in the past.

The regulations also bring into place a unified structure for the “right to be forgotten”. This is when a person, or the kin or a deceased person, request that all data about them be erased, or hidden. The EU GDPR defines a specific set of circumstances as to when this action can be taken, and what response the company must take.

There are also a set of strict requirements regarding data portability and access, in which a user’s data must be made available to them in a functional format upon request.

Kogo strongly recommends that businesses that handle customer information contact an IT lawyer to assist them in ensuring they conform to these new regulations before they come into effect in 2018.

However, these issues only tell part of the story. A proper cybersecurity implementation is vital to ensuring you are able to conform to these standards – for instance there is software support available to inform you the moment a breach takes place, or inform you a breach was prevented and give you details on the source. For more information on these services you can email us at [email protected] or call us on 01342 333000. Cyber Streetwise have set up a simple questionnaire you can fill in to see how your company’s cybersecurity fares in the modern threat landscape – you can try it yourself here.

0 replies

What Does the EU GDPR Mean for My Business?

Leave a Reply

Leave a Reply Cancel reply

Latest posts

Contact Us

What Does the EU GDPR Mean for My Business?

Share this entry

Leave a Reply

Leave a Reply Cancel reply

Latest posts

Contact Us