GDPR – All You Need To Know

GDPR

What is it & Why Was it Created?

GDPR is the EU’s new way to control what kind of information companies store on their customers. When signing up for things or giving details to companies, a lot of personal information is stored by organisations. GDPR is here to make sure you have more control over what data they are storing. It will replace the UK’s Data Protection Act 1998, which was introduced to implement the EU’s 1995 data protection directive. GDPR will introduce big fines for organisations that fail to comply with the rules. This new law will be almost identical across the entire EU. GDPR was created because too many big companies offer free services in exchange for personal information, and that information can be manipulated, as shown by the Cambridge Analytica scandal, when personal data was used to influence the 2016 US election.

When Will it Apply?

The GDPR will apply in all EU member states from 25 May 2018. Even with the UK leaving the EU, GDPR will take effect before the UK actually leaves, so the UK must still follow these rules. GDPR is a regulation, not a directive, which means the UK does not need to make its own legislation: it applies automatically. Although the GDPR came into force on 24 May 2016, businesses and organisations have until 25 May 2018 before the law actually applies to them.

Who does it Apply to?

‘Controllers’ and ‘processors’ of data need to abide by the GDPR. Data controllers decide why data is being stored, and data processors are the ones actually storing the data. The controller could be anything from a profit-seeking company to a charity or government. A processor could be something like an IT firm that processes the data on the controller’s behalf. Even if controllers and processors are based outside the EU, the GDPR will still apply to them so long as they are dealing with data belonging to EU residents. However, we would like to remind you that this is not as serious as everyone thinks: the reality is that most companies are very likely already following most of these rules, and only a few changes will be needed.

What Counts as Personal Data & How do I get Consent for Personal Data?

Personal data under the GDPR has a broader definition than it had previously. From now on, things such as an IP address and health information will count as personal data, on top of the already existing definition of personal data, for example name, address, bank details and the like. To make sure you have consent to store this data, you need to have boxes that the user must tick to give consent when submitting data to your website. These boxes cannot be pre-ticked, and the user must be able to withdraw all data at any given time. You must also have clear links to your privacy policy and any other website terms and conditions.

How can I make sure I’m not Fined?

Failing to comply can potentially cost your business. There are two different fines under the GDPR: the first is up to 10 million or 2% of annual global turnover, and the other is up to 20 million or 4% of annual global turnover (whichever is more). If you want to make sure you’re not fined for breaching GDPR rules, then get in touch, because here at Catchfish Online we offer a GDPR compliance service. This can be a quick fix and put your mind at ease, so get in touch today if you have any questions. Send us a message or email: info@catchfishonline.com
T. 0800 246 5672

All the best, Aidan @catchfishonline