UK organisations that process the personal data of EU residents only have a short time to ensure they are compliant with the EU General Data Protection Regulation (GDPR) – 177 business days to be exact.
It’s now more important than ever to look at what you need to do to prepare.
Key changes under the GDPR
The GDPR will be enforced from 25 May 2018 and introduces a number of key changes to data protection laws:
- It broadens the definition of ‘personal data’ to encompass an individual’s mental, economic, cultural, and social identity.
- It requires parental (or equivalent) consent to process children’s data.
- It changes the rules for obtaining valid consent when collecting data. Consent must be given by a clear and affirmative action.
- It mandates the appointment of a data protection officer (DPO) for organisations that process EU residents’ data on a large scale.
- It requires data protection impact assessments (DPIAs) for organisations that undertake high-risk data processing activities.
- It requires data controllers to report a data breach within 72 hours of discovery.
- It gives data subjects the right to be forgotten.
With just over eight months to go until organisations need to comply with the GDPR, now is the time to prepare.
Updated GDPR guidance
With new and updated content, EU General Data Protection Regulation (GDPR) – An Implementation and Compliance Guide, Second Edition provides practical guidance on how to achieve compliance.
The second edition covers:
- The GDPR in terms you can understand;
- The obligations of data controllers and processors;
- What to do with international data transfers;
- Data subjects’ rights and consent;
- Clarification of consent and alternative lawful bases for processing personal data; and
- An implementation FAQ.