Reform of the GDPR and EU changes
The final text of the EU GDPR is finally available.
Find out what most EU businesses have already adopted and how the UK adoption of the GDPR and EU changes affect your business.
The final version of the EU GDPR was confirmed and approved by the European Parliament in April 2016. This regulation supersedes the previous Data Protection Directive and introduces a new order to the way businesses will deal with individual citizens' data. Twenty days after the date of publication in the Official Journal of the European Union, the GDPR came into force. Exactly two years after the date of entry into force, the Regulation will apply (25th May 2018).
The publication of the EU GDPR is just the start. Now the implementation phase begins. UK and EU businesses must make sure that their organisations comply with the new set of rules by the time the GDPR deadline comes into effect. Below is a brief overview of the EU changes you can expect.
What you need to know
The definition of consent
Consent is now established as “freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she by statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
Essentially, this means that contacts will have to take an action (e.g. tick a box or click on a confirmation link) that says they agree to your use of their personal data. This consent will only be legal if you make it crystal clear what you are using their data for.
An individual’s user rights with their data
Under the new GDPR, EU citizens will have more rights when it comes to their personal data. They will have the right to request a copy of their personal data in a format that is usable to them and that can be transferred electronically to another processing system. They will also have the right to be forgotten and a Subject Access Right to their data. Organisations will also be expected to collect data only for specific purposes and to discard it when it is no longer required.
GDPR and EU changes to your data processes
In short, the GDPR and EU changes mean that organisations will need a whole new process when it comes to managing their data. To stay in compliance with the law, they will have to keep detailed records. In particular, they will need to keep an eye on the touch points where they collect data, and on how they record, store, retrieve, disclose and erase it. Some organisations will even have to appoint a Data Protection Officer as a mandatory requirement under the GDPR changes.