GDPR Compliance

General Data Protection Register (GDPR) "Within this book is a detailed guide to G.D.P.R and how to incorporate it within the companies management system, by purchasing this book you will save countless hours of expensive consultancy sessions" The new GDPR regulations will become enforceable on 25th May 2018 after which non compliance will result in heavy fines. The new GDPR law applies to all companies processing the personal data of data subjects residing in the UK, regardless of the company's location. Under GDPR, organisations in breach can be fined up to 4% of annual global turnover or 20 Million (whichever is greater). The conditions for consent have been strengthened, and companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. Other changes include; Breach Notification: Breach notification will become mandatory in all member states where a data breach is likely to "result in a risk for the rights and freedoms of individuals". Right to Access: this is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Right to be Forgotten: Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. Data Portability: GDPR introduces data portability - the right for a data subject to receive the personal data concerning them, which they have previously provided in a 'commonly use and machine readable format' and have the right to transmit that data to another controller. Privacy by Design: Privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition. Data Protection Officers: There will now be internal record keeping requirements and DPO appointment will be mandatory only for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences.