The new General Data Protection Regulation rules have just come into force and are designed to ensure organisations obtain data about individuals fairly. The new data protection rules have resulted in scores of e-mails finding their way into our inboxes and require “genuine consent” which is why so many people on mailing lists are being asked to opt-in to receive further digital communications. Businesses who fail to comply with the new legislation may be met with substantial fines should data fall into the wrong hands.
The new rules were first proposed in 2012 and replace the 1995 Data Protection Directive. The rules have been created to make organisations more accountable with regards to how personal data is collected and processed. Data breaches must be reported within 72 hours. Article 8 of the Charter of the Fundamental Rights of the European Union stets that people have a fundamental right when it comes to personal data protection. Fines of up to 4% of annual global turnover or $20 million could be handed to those that fail to comply with GDPR. Individuals whose rights are breached will be entitled to compensation. Organisations must now respond to requests to obtain information held about individuals within just one month. Individuals now have a “right to be forgotten”, which means personal data can be destroyed if it is no longer needed or was processed illegally. Individuals can withdraw the consent given to process their data at any point. Organisations are no longer permitted to charge for data requests, though it is no longer necessary to register with the Data Protection Commission.
How to avoid penalties
Should the Data Protection Commission decide to assess how your organisation processes data, you must be able to show how you are complying with the legislation. Data controllers are being urged to review and enhance their processes for risk management and review their privacy notices. The language used in privacy policies must be straightforward, and policies must be easy to locate on your site. Visitors to your site have a right to know whether you share data with third parties and why it is shared. Many organisations have taken the step of recruiting data protection officers to avoid unwittingly breaking GDPR rules. Companies are being advised to carry out data protection and privacy impact assessments and to prioritise individual’s privacy at the start of each of their projects and products.
Benefits of GDPR for individuals
Individuals can also ask for their personal information to be corrected should it be inaccurate or incomplete. Another benefit of GDPR for individuals is that organisations are now working harder to improve customer satisfaction regarding how they process personal data. You may start to receive far fewer spam emails and unsolicited phone calls and find that privacy notices are much more transparent than they were previously.
Contact Mark Reynolds
At Mark Reynolds Solicitors, we are able to provide specialist legal advice and representation in various fields. If you need any further advice about GDPR, call now on 0800 002 9577.