Countdown to GDPR
It’s not too late: Make sure your business is ready
The European Union's General Data Protection Regulation (GDPR) comes into force on Friday 25 May.
This applies to all businesses, no matter how big or small, and will radically change the way organisations look after personal data.
Under the new law, any company located anywhere in the world that wishes to work with, or continue to work with, information relating to EU citizens will have to comply with the requirements of the GDPR.
Organisations need to keep records of all personal data, be able to prove that there is a lawful basis for processing the data, map data flows, and identify what the data is being used for and how it is being protected. If personal data is stolen after a cyber-attack, companies must report the breach within 72 hours to the relevant authorities.
GDPR strengthens the rules around customers' consent, giving them the right to withdraw this consent whenever they like.
What GDPR means:
The right to be informed
Organisations must explain how personal data is processed if asked to do so by the individual. This explanation must be concise and intelligible, written in clear and plain language, and easily and freely accessible.
The right of access
Organisations must provide individuals with access to their personal data in response to a subject access request. This includes provisions for organisations where the subject access request is unfounded, repetitive or excessive in nature.
The right to rectification
Individuals have the right to have their personal data rectified if it is inaccurate or incomplete. Organisations are obliged to perform this rectification in a timely manner unless justification for not doing so can be provided.
The right to erasure
Individuals have the right to have their personal data erased under specific circumstances, and organisations are obliged to comply with such requests unless there is a valid reason for refusal.
The right to restrict processing
Individuals have the right to block or restrict the processing of their personal data by an organisation under set circumstances. These restrictions will also apply to any third parties that the data may have been disclosed to.
The right to data portability
Individuals have the right under certain circumstances to move, copy or transfer their personal data from one organisation to another so that they can use it for a different service.
The right to object
Individuals have the right under certain circumstances to object to the processing of their personal data. Organisations processing personal data must implement an accessible mechanism to allow objections to be made and, where the objection is valid, stop processing that personal data.
Rights in relation to automated decision making and profiling
Individuals have the right under certain circumstances to ensure that their personal data is not processed using automated decision-making processes, without safeguards such as human intervention in place.
- Amethyst operates in both the public and private sectors, delivering a dedicated, personal service of the highest standard. Amethyst can help your business get prepared for GDPR in relation to cyber security with our team of highly qualified and experienced specialists; many have more than 20 years’ experience in the fields of Data Protection, Cyber Security and Information Assurance.
- To find out how we can help, contact us today: firstname.lastname@example.org