What is GDPR?

Written by David Lenagh on 28 March 2018
The General Data Protection Regulation is a new data protection law.

From the 25th of May, these new rules will apply to any organisation that processes personal data relating to an EU citizen.

What is personal data? Simply put, this is any information or piece of information that can identify a living individual.

The General Data Protection Regulation (GDPR) is an evolution of our existing Data Protection Act (DPA). The Data Protection Act is now over 20 years old and these new rules will address a number of its shortcomings.

What is now considered personal data has been updated to reflect the modern world we live in. Biometric data, genetic data, IP addresses and pictures of you all now fall within the regulation's scope. These new rules also require organisations to be able to demonstrate and evidence their compliance.

For example, organisations must now document in detail any processes which make use of personal data. They will also be required to undertake risk assessments should they process sensitive types of personal data.

The above are just two small snippets from the new standard. In summary, the new rules are complex and far-reaching. For small organisations, the task of becoming compliant is considerable, and the effort required is proportional to the volume and nature of personal data you collect and process.

Consequences of the new rules

Our local authority, the Information Commission, will oversee and enforce these new rules just as they did with the Data Protection Act.

Under current DPA rules, the maximum fine an organisation could be liable for in the event of a breach was £500,000.

With GDPR, the Information Commission can now impose fines of up to 20 million Euros or 4% of annual worldwide turnover (whichever is the higher value).

Another key change with these new rules is that data controllers (the party which collects the data) and data processors (the party which performs operations on the collected data) are now both deemed liable.

For more information on the new standard, please visit the Information Commission's website.

Polymorph can also help you navigate a course towards compliance and offers consultancy services to prepare you for the 25th of May deadline. We are holding a coffee and cake morning with an introduction to GDPR and how it will affect your organisation. For more information click here.

About the author
David Lenagh
David Lenagh, a graduate of Computer Science from Liverpool University, started his career within the national newspaper industry. David then went on to hold senior management positions in both the newspaper and charity sectors. Having spent his career working in heavily regulated organisations, David has had a strong focus on ensuring organisations' regulatory compliance, information security and readiness for the new GDPR legislation.