On May 25th, your employees, clients and contractors will have much greater rights than before over the way their personal information is collected and handled by your organisation (or any other organisation in the EU).
And your organisation needs to be ready to respond quickly to the requests they make about their data.
May 25th is when the EU’s General Data Protection Regulation (GDPR) comes into effect. The GDPR strengthens individual rights that were already covered by the Data Protection Act (1988) and adds some new ones. It means individuals will have:
As 3C Consultants’ Managing Director Colin Sales explains in this video, it’s imperative everyone within your organisation understands the changes to the rights of individuals regarding data protection so that they know how and when to respond to those who wish to exercise their rights.
For instance, your organisation will need to respond to subject access requests (SARs) within one month. The deadline can stretch to three months if there are a number of requests, or the request is complex, but you still have to let the individual know within one month why the extension is necessary.
Failure to comply with the GDPR could result in very stiff penalties. For example, a serious breach of data protection or non-compliance could incur a hefty fine—4% of the organisation’s annual global turnover or €20 million, whichever is greater. A failure to keep records in order, a failure to report a data security breach, or a failure to conduct impact assessments could result in a fine of up to 2% of an organisation’s annual global turnover.
Few organisations can afford such massive fines or the accompanying negative publicity they may attract. That’s why Colin urges you to make sure everyone within your organisation is up to speed with the GDPR before May 25th.
If you need help or would like to discuss any issue that this GDPR video series raises, please call us now on 0333 900 3003.