Are You Ready for GDPR?
Amethyst can help your business prepare
In less than a year, the European Union's General Data Protection Regulation (GDPR) comes into force.
GDPR is a new EU legal requirement that becomes enforceable from 25th May 2018. The GDPR applies to all companies worldwide that process personal data of European Union (EU) citizens.
This law will radically change the way organisations look after our personal data. Failure to comply could lead to huge fines, yet it is believed that many businesses are still far from ready. Speaking to the BBC, Chris Daly, chief executive of the Chartered Institute of Marketing, said that many companies wrongly believe GDPR will have no impact on them.
"There is a real lack of awareness about this issue in our sector," he says. "60% thought it wouldn't affect their business at all."
Under the new law, any company located anywhere in the world that wishes to work with, or continue to work with, information relating to EU citizens will have to comply with the requirements of the GDPR.
Many of the stipulations are already covered by the UK's Data Protection Act. Simply put, organisations need to keep records of all personal data, be able to prove that consent was given, and show where the data is going, what it is being used for, and how it is being protected. If personal data gets stolen after a cyber-attack, companies have to report the breach to the relevant authorities within 72 hours of realising it.
GDPR strengthens the rules around customers' consent, giving them the right to withdraw this consent whenever they like. It provides individuals with the following rights by placing obligations upon the organisations processing their personal data:
The right to be informed
Organisations must provide fair and transparent processing information explaining how personal data is processed. This must be concise and intelligible, written in clear and plain language, and easily and freely accessible.
The right of access
Organisations must provide individuals with access to their personal data in response to a subject access request. This includes provisions for organisations where the subject access request is unfounded, repetitive or excessive in nature.
The right to rectification
Individuals have the right to have their personal data rectified if it is inaccurate or incomplete. Organisations are obliged to perform this rectification in a timely manner unless justification for not doing so can be provided.
The right to erasure
Individuals have the right to have their personal data erased under specific circumstances, and organisations are obliged to comply with such requests unless there is a valid reason for refusal.
The right to restrict processing
Individuals have the right to block or restrict the processing of their personal data by an organisation under set circumstances. These restrictions will also apply to any third parties that the data may have been disclosed to.
The right to data portability
Individuals have the right under certain circumstances to move, copy or transfer their personal data from one organisation to another so that they can use it for a different service.
The right to object
Individuals have the right under certain circumstances to object to the processing of their personal data. Organisations processing personal data must implement an accessible mechanism to allow objections to be made and, where the objection is valid, stop processing that personal data.
Rights in relation to automated decision making and profiling
Individuals have the right under certain circumstances to ensure that their personal data is not processed using automated decision-making processes without safeguards, such as human intervention, in place.
Amethyst operates in both the public and private sectors, delivering a dedicated, personal service of the highest standard. Amethyst can help your business get prepared for GDPR with our team of highly qualified and experienced specialists; many have more than 20 years' experience in the fields of Data Protection, Cyber Security and Information Assurance.
To find out how we can help, contact us today: firstname.lastname@example.org