European Data Protection law for all businesses coming into effect from May2018

Discussion in 'General Data Protection Regulation (GDPR) Forum' started by Gigha, Jan 14, 2018.


Do you know about GDPR and are you taking steps to comply in time?

  1. Yes, we are aware and well ahead in our actions for compliance

    1 vote(s)
  2. Yes, we are aware but don't really know where to start our compliance efforts

    1 vote(s)
  3. We don't know much about GDPR. Don't think it affects us.

    1 vote(s)
Thread Status:
Not open for further replies.
  1. Gigha

    Gigha UKBF Newcomer Free Member

    5 0
    Brief about GDPR (European Data Regulation coming into effect).

    On 25th May 2018, the General Data Protection Regulation (GDPR) will become law in all European member states, including the United Kingdom who will still be a member at that time. Some of you might start to think, with BREXIT this might not be apply, you are wrong. UK Parliament has made it clear (refer to Information Commissioner of UK's website) that GDPR will be applicable even post BREXIT, so don't neglect.

    The new Regulation will replace the Data Protection Act 1998 (DPA) which was developed at a time when most data processing was still paper-based. There was also a limited understanding of the impact that technology would have on the way we process data.

    The purpose of the GDPR is to:

    • harmonise the EU’s laws surrounding data protection
    • protect all EU citizens’ data privacy
    • re-shape the way organisations across the region approach data privacy.
    In drafting it, the EU’s aim was to design it as a living document and future-proof the wording. They have also made it ‘technology neutral’ which means that the same regulatory principles apply regardless of the technology used

    If you hold information which falls within the scope of the Data Protection Act 1998, it will also fall within the scope of GDPR. The GDPR principles are similar to the DPA, but there is a new accountability requirement – you will have to demonstrate how you comply.

    As of the 25th May 2018, organisations that do not comply will face very heavy fines to the tune of 4% of your global revenues or EUR20 Million whichever is higher. More importantly your customers (whether individuals or corporates) are likely to ask you to comply with GDPR risking your business hence its better to plan ahead and comply.

    It is important to note that GDPR is still a work in progress with the Information Commissioner’s Office (ICO) issuing monthly updates on its implementation in the UK (The ICO is the UK’s independent body that upholds information rights).

    Find out more about GDPR on ICO’s website, search for "ICO GDPR" in google.

    Whom does it apply?

    The GDPR applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the DPA – i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.

    The GDPR applies to any business (whether you are a one man army or a larger business) as long as you process (in simple terms "handle") personal data of your customers, employees and business contacts. Your company size, type of data handled, how you process data dictate amount of action you need to take. A corner grocery shop or someone who sells lunch on a van with no personal data being stored or handled is likely to have impact, however if you are a small business and handle personal data (real estate agents, recruitment firms, vehicle dealers, manufacturer, dealer etc..) you will need to take necessary action.

    Handling of data as private citizen (not as business) is not impacted by GDPR.

    The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

    GDPR enforces several requirements on businesses such as, fair and transparent processing, rights of Data Subjects, Legal basis of processing, Breach monitoring and reporting, accountability and governance, guidelines of marketing.

    Any thoughts on likely implications and how to prepare for compliance by small businessess are welcome.

    Good luck.
    Last edited by a moderator: Jan 15, 2018
    Posted: Jan 14, 2018 By: Gigha Member since: Jan 4, 2018
  2. Mark T Jones

    Mark T Jones UKBF Enthusiast Free Member

    2,544 688
    I think there’s a hint of Y2K about it. Lots of consultants making a lot of noise in order to sell advice

    Whilst it is theoretically very far reaching it is impossible to know how it will be interpreted or enforced

    My tip would be to apply common sense, keep quiet and watch from the sidelines

    As an aside I’m quite amused how many organisations are scraping dubious data to sell their GDPR services
    Posted: Jan 15, 2018 By: Mark T Jones Member since: Nov 4, 2015
  3. Nochexman

    Nochexman UKBF Enthusiast Free Member

    1,716 266
    Gigha, it would be helpful to know where you are coming from in this thread - are you offering a service, are you a concerned recipient of the changes or something else?
    Posted: Jan 15, 2018 By: Nochexman Member since: Jun 14, 2011
  4. Gigha

    Gigha UKBF Newcomer Free Member

    5 0
    I agree with Mark partly to not boil the ocean or massive tech investment that is being talked about. However as a responsible business owner each has to do some sort of risk assessment to see whether are they exposed to any sort of risk as a resultant of GDPR, if one is confindent of their process and controls, definitely they have nothing to worry.
    Posted: Jan 15, 2018 By: Gigha Member since: Jan 4, 2018
Thread Status:
Not open for further replies.