
GDPR: Some key facts to consider.

9/5/2018


The General Data Protection Regulation (GDPR) comes into force on May 25, 2018. The regulation is designed to control the processing of personal data.

What constitutes "personal data" or "personal information"?

The following are examples of personal data, although the list is not exhaustive:

Name, address, postcode, bank details, bank cards, website, employer, NI number, doctor, dentist, charities subscribed to, solicitor, accountant, credit score, retail profile, employment history, etc.

What information do you hold on your customers/clients and how are you processing and protecting their personal data?

Possibly some of the above, but also: property owned, income, salary, religion, interests, family, behavioural activity, geo data, job titles, etc.

Purpose of GDPR

The purpose of the General Data Protection Regulation is to: 1) give rights to individuals, who can legally require organisations to process their information according to the relevant legislation, and 2) give organisations guidelines on the minimum standards they should apply when handling personal information.
It is intended to protect the individual's right to privacy, balanced against, for instance, security issues and the organisation's ability to operate in a market economy.

What is classed as an organisation

An organisation can be a sole trader, partnership, limited company, blue chip Plc, multinational, local authority, government department, hospital, charity or voluntary body. Any legal entity that is not a "natural person" is an organisation. GDPR is designed to promote high standards when dealing with personal information and an individual's right to confidentiality and privacy.

Organisations that hold personal data must:
  • Keep personal information safe and secure
  • Keep it accurate and up to date
  • Not collect excessive or irrelevant information
  • Only keep it for as long as they need it
  • Only send it to companies/countries that protect the data in the same way as we do in the EU
  • Not use it in a way that the individual might not expect

Personal Data/Personal Information

Personal data or personal information is only classed as such when it can identify an individual, who is then classed as a "natural person". Under GDPR, once a person can be identified they are known as the Data Subject.
GDPR does not apply to deceased individuals. If all that is known about a person is a name, say John Smith, this is not enough to be personal data; however, if for instance you also knew the telephone number of John Smith, then this would identify him as a "natural person".

Personal data may also include one or a combination of these: location, genetics, biometric information, IP addresses, photos and images, any of which could lead to the person being identified.

When an individual provides personal information they should be told:
  • Why it is required
  • What the organisation intends to do with it
  • How long the organisation will keep it
  • That the organisation promises to keep it safe
  • What rights the individual has
  • Whether the data is to be shared with a third party
Organisations should take appropriate technical and organisational measures to keep the data safe.

Does your business operate CCTV?

Closed-circuit television comes under the General Data Protection Regulation because organisations are capturing images of individuals who may be identified, and therefore such footage (data) must be protected and secured just the same as personal data kept on a PC or CRM system.

Categories of Personal Data

A person's name, address, DOB and financial data, for instance, are classed as Standard Categories of personal data.
However, there is also another category, known as a Special Category of sensitive personal data, which would include:
  • Medical records
  • Racial/ethnic origin, political opinions, religious beliefs
  • Trade union membership
  • Genetic data
  • Criminal acts
Organisations must have a legitimate reason to hold specific data, otherwise they will be in breach of the legislation. Lawful holding of sensitive data requires the individual's explicit consent, unless processing is required under a specific law where it may be in the public interest to hold such information, for example in the case of infectious diseases.

These are just a few of the key facts about the General Data Protection Regulation. It is vitally important that Staffordshire Moorlands businesses ensure compliance with the regulation.
In the worst-case scenario, the Data Protection Authority can impose a fine of 20 million euros or 4% of global turnover, whichever is the greater, if there is "a breach of fundamental rights and freedoms" of the individual.
    Author

    Former MD.Passionate about supporting SME's and helping them to grow their business using a practical hands-on approach.