GDPR Compliance
As many companies that store and process data from clients and consumers in the European Union already know, come May 25, 2018, there will be a pretty large shift in how this personal data can be dealt with. The General Data Protection Regulation (GDPR) will be replacing the Data Protection Act and grants individuals more rights when it comes to the storage and processing of their personal data by data controllers and processors, in an effort to increase data security and assign more accountability to those who hold it.
The introduction of this new regulation has many companies scrambling to ensure they are compliant with these new terms and can safely and securely store and process any personal data they come into contact with. This can mean a drastic overhaul of current processes in place for handling data or a simple change in wording here and there in the various policies of a company. Either way, it is imperative that any company dealing with the personal data of E.U. residents completes an in-depth audit of all their data collection and storage processes and makes sure that they are compliant with GDPR by the time May 25th rolls around.
The absolute first thing that you must do when beginning this audit is to determine whether your organization acts as a data controller or a data processor. The data controller oversees the processing of the personal data and determines the legal basis on which the data will be collected and processed, whereas the processor is the entity that actually handles and processes the data on behalf of the controller. This distinction is important because previously only data controllers were held liable for non-compliance with data protection. Under GDPR, data processors will now also be held liable for non-compliance and will be susceptible to penalties. Once you have determined whether your organization is the data controller or processor, you can then continue with the audit under the correct assumptions.
We have put together this seven-week GDPR course to help increase your understanding and awareness of the changes that will be occurring under GDPR. We will cover the eight new rights that will be given to individuals under the new regulation and help you determine exactly what they mean for you and your organization. These rights are:
- The right to be informed
- The right of access
- The right of rectification
- The right to erasure
- The right of data portability
- The right to object
- The right to restrict processing
- Rights in relation to automated decision-making
We will also cover some of the other aspects of GDPR, including what happens if you fail to comply with the regulation as well as what to do in the case of a data breach.
Next week we will cover the first of these new individual rights – the right to be informed – and the legal basis for processing data.
AUTHOR
6 years ago
It is hoped that the personal data of consumers in non-E.U. countries will be similarly protected.