GDPR – Everything you need to know.


Today we will be looking at the General Data Protection Regulation (GDPR) and how businesses must become compliant. We will be using information from the Information Commissioner's Office (ICO) website and presenting it in an easy-to-read format.

GDPR will apply from 25 May 2018, meaning you have around a year to become GDPR compliant or else. Even though Britain has decided to leave the EU, this will not affect the new regulations.

Who does GDPR apply to?

The GDPR applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the DPA, i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf.

If you are a processor, the GDPR places specific legal obligations on you, and you will be significantly more liable if you are responsible for a breach.

Controllers, on the other hand, are not completely relieved of their obligations where a processor is involved. The GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.


What information does GDPR apply to?

Personal Data
Personal data includes HR records, customer lists and contact details. The GDPR also makes it clear that an online identifier, such as a user's IP address, is personal data.

Sensitive Data
The GDPR refers to sensitive personal data as “special categories of personal data”. For example, the special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.

Rights given to an individual.
GDPR gives individuals new rights and strengthens existing ones. These are listed below; you may click through the links to find out more information on the ICO website.


Breach Reporting
A data breach is a “breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”.

A notifiable breach has to be reported to the relevant supervisory authority within 72 hours of the organisation becoming aware of it. Failing to do so could result in a fine of 10 million euros or 2% of your global turnover.

How to find out if I am GDPR compliant.

Click here to go through a short quiz/assessment, which should show you how compliant you are and give you a good insight into what you need to improve to become compliant.

Also, why not view this -> 12 steps to becoming GDPR compliant

The costs of not being compliant.

For more severe non-compliance, organisations can be fined either up to 20 million euros or four percent of the total worldwide annual turnover of the preceding financial year, whichever is higher.

For less severe breaches, organisations can face fines of either up to 10 million euros or two percent of the total worldwide annual turnover of the preceding financial year.


Where can I find out more?
To find out more information, please see the useful links below:

  1. ICO GDPR homepage
  2. Call ICO or use the live chat
  3. Contact us using our contact form

Please be aware that it is very important that you become GDPR compliant. This post is aimed at informing businesses of this new regulation, and we have provided links throughout the article to more detailed information on each specific subject.