What is GDPR
You will have seen many references recently to GDPR. So what is GDPR?
GDPR – the General Data Protection Regulation – is the most important change in data privacy regulation in 20 years. It was approved by the EU Parliament in April 2016 and will replace the UK 1998 Data Protection Act. It comes into force on May 25th 2018.
In many ways, GDPR is similar to the current Data Protection Act, legislation which has been in force since 1998 to control the way information is handled and to give legal rights to people who have information stored about them. However, there are some very important changes being implemented through GDPR, which the UK will adopt despite Brexit.
GDPR is an EU directive, affecting all member countries. It’s therefore something that’s going to affect all businesses in the UK and EU, and even businesses outside those areas that hold EU data. In March 2017, a study found that a quarter of UK businesses were no longer preparing for the new data protection regulations, in the mistaken belief that they won’t apply after Brexit. But the Government has confirmed that it will implement the new law whatever form our withdrawal from Europe takes, which means the time to start preparing is now.
As regards the UK specifically, the Information Commissioner’s Office (ICO) states that while “many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently.”
The main changes:
- The GDPR rules now also govern all paper records in every organisation and the safe storage of those records.
- There will be a more rigorous regime for data protection and steeper fines of up to 4% of global turnover or €20 million for more serious breaches, whichever is the higher. Currently, the Data Protection Act has an upper limit fine of £500,000 for breaches. In the future, there is a real danger that a serious data protection breach could bankrupt a company.
- Individuals now have the right to be forgotten online as well as the right to know what information is held about them and to amend it.
- Categories of data controllers and processors are created. Processors have significantly more legal liability if there is a breach than under the current system. They must keep records of what personal data is held and how it is used. Controllers must show their contracts with processors comply with GDPR rules.
- The definition of personal data is expanded to include IP addresses. Special data will include biometric data which can be applied to an individual, and genetic data.
- Data breaches where there is a risk to the rights and freedoms of individuals must be reported to the relevant authorities within 72 hours, and businesses must inform the individuals affected directly where there is a high risk.
There are key things you need to do:
1. PAPER WASTE – Have systems in place to deal with confidential paper waste. All documents must be safely secured at all times when not in use by a company representative. Confidential Waste Bins, Secure Office Furniture and Lockers are all GDPR compliant methods for safely storing your organisation’s data.
2. CONFIDENTIAL WASTE DESTRUCTION – Have a chain of evidence in place that items were dealt with safely and securely. If there is a breach, you need to prove you’ve done everything you can to avoid it. Working with CSRB Limited and our approved suppliers will ensure your organisation receives a safe and secure confidential waste destruction service, which provides a Certificate of Destruction.
3. ACCOUNTABILITY – Ensure anyone processing confidential waste for you understands their legal obligations under GDPR. For example, leaving confidential documents on desks overnight, when contractors may have access to the building, would be a breach of GDPR. CSRB Limited can provide secure office furniture solutions.
4. COMPANY GDPR STANDARD – Have systems in place for reporting breaches to the authorities or those affected. CSRB Limited can work with you, through our partners, to ensure GDPR Training is provided for those key stakeholders in your organisation.
For further information on GDPR visit the main EU website – www.eugdpr.org/eugdpr.org.html
Please contact CSRB Limited today to find out more about our range of GDPR compliant Confidential Waste Bins, Lockers and Office Furniture on 01173 250830 or firstname.lastname@example.org.