A short guide to the EU GDPR

The GDPR (General Data Protection Regulation) will take effect in every EU member state in May 2018 and will affect every organisation that collects or handles data relating to EU residents.

The Regulation itself is a long document (118 pages of legalese), and failure to meet its requirements could turn out to be expensive – up to 4% of annual global turnover or €20 million, whichever is greater. The data controller is responsible for demonstrating that the organisation complies with the six principles outlined in Article 5 of the GDPR:

Personal data must be:

1. processed lawfully, fairly and transparently;

2. adequate, relevant and limited to what is necessary for processing;

3. accurate and kept up to date;

4. kept in a form such that the data subject can be identified only for as long as is necessary for processing;

5. processed in a manner that ensures its security;

and can only:

6. be collected for specified, explicit and legitimate purposes.

These six principles are at the heart of the Regulation, but it’s important to consider other areas, including: consent and documentation of consent, lawful processing, controller/processor contracts, the data protection officer (DPO), accountability and the board, and how to respond to data breaches.

Complying with the Regulation

Because the administrative penalties can be applied so broadly, it is important to understand what your own obligations and exposure are. The first step towards compliance for most organisations will be a data audit: identifying the personal data they already hold, who it has been shared with and where it is now held, and determining what must be done with that data in order to comply with the GDPR.

You will also be required to:

A pocket guide on the GDPR

If you need help understanding the Regulation, the broader principles of data protection, what the Regulation means for businesses in Europe and beyond, or any of the issues mentioned above, then I would highly recommend getting yourself a copy of EU GDPR – A Pocket Guide.

Written by Alan Calder, an internationally acknowledged cyber security expert and leading author on information security and IT governance issues, this pocket guide will help you quickly understand your new obligations.
