What is GDPR?
The General Data Protection Regulation (GDPR) is a new regulation intended to strengthen and unify data protection for individuals within the European Union (EU). It will regulate how companies process and use personal data and replace the current Data Protection Directive.
What information does the GDPR relate to?
The GDPR relates to the personal data of EU Citizens.
Who does the GDPR apply to?
The GDPR applies to ‘controllers’ and ‘processors’
A controller determines the purposes and means of processing personal data.
A processor is responsible for processing personal data on behalf of a controller.
Does it apply to me?
It is a common misconception that data protection laws do not apply to small businesses. Greater obligations are placed on larger organisations but there is no “small business exemption”. The GDPR will apply to all businesses who handle personal data, regardless of their size.
When does GDPR come into force?
GDPR comes into force on 25th May 2018. There will be no grace period, so it is important that companies prepare for the changes now.
What are the consequences of non-compliance?
If the ICO finds that a company has breached the GDPR they could face fines of up to €20 million, or 4% of worldwide revenue, whichever is higher. Data subjects will also be able to bring claims for compensation in addition to the ICO fines.
The GDPR will also introduce new obligations on businesses to demonstrate accountability and compliance. To demonstrate compliance, businesses will be required to implement appropriate technical and security measures to protect personal data.
Will Caag Software comply with GDPR?
Yes. Caag will fall under the scope of the regulation as a ‘processor’ and ‘controller’ so we fully intend to comply with our GDPR obligations by 25th May 2018. We are currently reviewing and updating (where necessary) our internal processes, procedures, data systems and product features to ensure we are ready for GDPR.
As Caag will be compliant, does that mean my business will automatically comply with the new regulations?
No. Every company regulated by the GDPR will need to assess its own responsibilities. Full details can be found on the Information Commissioner’s Office (ICO) website using the link below.
What happens next?
As we move nearer to the GDPR implementation date, we will continue to review and update our activities and processes to ensure compliance.
Companies can keep up to date with the latest GDPR information and developments by visiting the ICO website https://ico.org.uk or subscribing to their Newsletter using the following link: https://ico.org.uk/about-the-ico/news-and-events/e-newsletter/
Please note that this information is not exhaustive or intended to address every aspect of the GDPR and does not constitute legal advice. We would encourage you to contact a legal professional to confirm how the GDPR will affect your business.