While it's important to know the background to GDPR, many organisations will just want to discover how to comply.


In this article we've tried to summarise some of the key points:

  • Extended jurisdiction: GDPR applies to any organisation which collects or processes personal data relating to an EU citizen, regardless of where in the world the organisation's physical offices are located.
  • Consent: Organisations will be required to obtain the consent of an individual to store and use their data, and to explain how it is used. This consent must be positively given (it won't be adequate to assume consent, or to present a default choice of acceptance).
  • Mandatory breach notification: Organisations will be required to notify the supervisory authority (in the UK this is the Information Commissioner's Office) within 72 hours of discovering a security breach.
  • Right to access: Organisations must be able to provide electronic copies of personal records to individuals who request a copy of their personal data being processed by the organisation, along with a note of where their data is stored and for what purpose. Organisations can no longer make a charge for supplying this information.
  • Right to be forgotten: EU citizens will be able to require that the controller delete their personal data and/or stop sharing it with third parties.
  • Data portability: Individuals have the right to transmit their data from one data controller to another. As a result, organisations must be able to provide an individual's data in 'a commonly used and machine readable format.'
  • Privacy by design: Security must be built into products, services and processes from the earliest stages.
  • Data Protection Officers (DPO): Data controllers and data processors are required to appoint a DPO if the organisation's 'core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences'. The DPO might be a contractor, a new hire or a member of the organisation's current staff.

This article is for information only and is not intended to be legal advice on this matter. If you have specific questions on how this may affect your organisation then you should consult a legal professional.