The General Data Protection Regulation (GDPR) came into force on May 25, 2018, and was designed to modernise data protection laws that protect the personal information of individuals.
GDPR affects every company, but the hardest hit will be those that hold and process large amounts of consumer data: technology firms, marketers, and the data brokers who connect them.
Elizabeth Denham, the UK's information commissioner, who is in charge of data protection enforcement, says GDPR brings in big changes but has warned they don't change everything. "The GDPR is a step change for data protection," she says. "It's still an evolution, not a revolution". For businesses which were already complying with pre-GDPR rules the new should be a "step change," Denham says.
The GDPR does not require every controller or processor to appoint a data Protection Officer (DPO) but, you should assume that you will need a DPO. Peter Brown, the Senior Technology Officer within the ICO says "I've heard plenty of people talking about there being a DPO exemption for Small and medium-sized enterprises (SMEs) - this is absolutely not the case".
The individual has the power to hold companies to account as never before. If individuals begin to take advantage of GDPR in large numbers, by withholding consent for certain uses of data, requesting access to their personal information from data brokers, or deleting their information from sites altogether, it could have a seismic affect on the data industry.
.With our Pay-as-you-go solution starting at £20 per Subject Access Request or a Fully Managed Service from £9.95 per month.
We will design a service to best suit your companies requirements.8
Identifying risks, providing solutions and advice to minimise the effects of GDPR on your business. All from £395 + vat
Delivering training on your premises FREE of charge.
Sign up to hear from us about all the GDPR events we are holding, and any changes in legislation that occur.