What is GDPR and data protection?
The General Data Protection Regulation (GDPR) is a new European Union (EU) privacy law that takes effect on May 25, 2018. It is designed to give individuals control over their personal data and is an important effort for protecting individual rights and freedoms. The GDPR applies to any organizations based in the EU and organizations—wherever they are located—that are selling goods and services in the EU or processing personal data of individuals in the EU.
How does the new GDPR legislation affect me and my buisness ?
If you handle personal information about individuals, you have a legal obligation to protect that information under the General Data Protection Regulation.
What is the ICO and do i need to register?
The ICO (Information Commissioners Office) is an independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Under the Data Protection Act individuals and organisations that process personal information need to register with the Information Commissioner's Office (ICO), unless they are exempt.
What could be the consiquences if i not complyant with ICO regulations?
Organizations can be fined up to 4% of annual global turnover for breaching GDPR or £20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors -- meaning 'clouds' will not be exempt from GDPR enforcement.
The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.