Much is made of GDPR compliance in the UK; around 80% of UK citizens say they have heard of the GDPR, though the number who could explain exactly what it comprises is likely to be much lower. GDPR compliance is a legal requirement for businesses, but it is also a benefit in its own right, and here is why.
What is GDPR?
GDPR stands for ‘General Data Protection Regulation’, an EU law that governs the way in which businesses and organizations collect, store, handle and use personal information relating to individuals. The regulation was adopted in 2016 and became enforceable on 25 May 2018, as a natural progression of the ‘right to privacy’ enshrined in the European Convention on Human Rights.
Today, the internet is a near-ubiquitous asset on which billions rely for both professional and personal reasons. The information generated by an individual while they are online, including search history and purchasing patterns, is worth a great deal to marketing and e-commerce businesses for targeted advertising and product research alike. Meanwhile, confidential personal information, from census data to passwords and contact details, can be misused by careless businesses and by fraudsters.
By giving this information legal protection, GDPR shields individuals in the EU from the poor handling of their personal data and from predatory practices by the organizations that hold it. In practical terms, GDPR sets out a framework for the collection and storage of personal information, built on principles such as a lawful basis for processing (including consent), data minimisation, and individual rights such as the right to erasure (the ‘right to be forgotten’).
GDPR is a wide-ranging piece of legislation that covers every aspect of the relationship between a business and any personal information it wants or needs to process.
GDPR Breaches, and Implications
GDPR is exhaustive: it governs the legality of access to, collection of, consent to share, and processing of personal information. As such, there are many ways in which the law can be breached, from a literal data breach exposing personal information to the unlawful processing of personal data that was never lost or stolen at all.
Penalties are proportional to the nature and gravity of the infringement, the number of people affected, and the size and conduct of the organization responsible. Failure to store securely and handle properly the personal information of individuals in the EU, wherever in the world your business is located, can result in fines of up to €20 million or 4% of global annual turnover, whichever is higher, for the most serious infringements (a lower tier of up to €10 million or 2% applies to others).
Following GDPR Law
Crafting airtight GDPR compliance for a business, especially one that handles personal information as a core function of its operation, can be a daunting endeavour. Not only must businesses be compliant, they must also be able to demonstrate exactly how they are compliant, for example by keeping records of their processing activities and the lawful basis for each. To understand what is required of you, retaining the services of a technology lawyer to walk you through the protections you need to put in place can help considerably.
Not every organization is required to appoint a Data Protection Officer (DPO); it is mandatory for public authorities and for organizations whose core activities involve large-scale monitoring of individuals or large-scale processing of special categories of data. Even where it is optional, a DPO is a useful way to monitor and police the handling of data in your business. Giving one person executive responsibility for staff training and development on GDPR limits the chance of human error leading to a data breach or to mishandling of personal data.