On 25th May the two-year transition period for the EU General Data Protection Regulation (GDPR) will be over and the regulation will be enforceable. Businesses that fail to comply could face large fines and other sanctions.
It’s important for businesses to know what GDPR is, and what the key terms mean. In short, GDPR is EU data protection legislation designed to reflect the changing ways in which personal data is stored and handled. It defines companies that own or manage personal data as controllers and/or processors.
A controller is a body that “determines the purposes and means of the processing of personal data”, whilst a processor is a body employed by a controller to manage its data. Personal data is defined by the Information Commissioner’s Office as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.” This definition is broad and covers a wide range of data points, including online identifiers.
A data breach is not necessarily a malicious attack. It is defined as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.
Even following all the guidelines cannot prevent data breaches at all times, so the actions required of relevant bodies after a breach are a key part of GDPR. As many of these actions have to be performed in a very restricted timeframe, we’d recommend getting in touch with us today to review the efficiency and compliance of your policy.