General Data Protection Regulations (GDPR) – What, When and Why?
Passed by the European Union in April of 2016, the General Data Protection Regulation (GDPR) aims to strengthen data protection for individuals in the EU. The primary objective of the GDPR is to give citizens back the control of their personal data. It also relates to the export of personal data outside the EU, so no matter where you are based, any organization that does business with EU citizens must comply with the GDPR’s expanded and more stringent data protection rules by May 25, 2018.For many companies, meeting the GDPR requirements will require a significant investment of time and resources. Non-compliance will have serious consequences, but the GDPR also provide opportunities to gain strategic advantage over competitors.Station10 is running a GDPR Business Breakfast for Insight and Digital Directors, to help you to understand the potential impact, both positive and negative, of the new laws and how this will affect you.The event is taking place on Tuesday 28th March, 8.30am – 10am at 11 Cavendish Square.If you would like to attend the GDPR Business Breakfast please email: Mikhaila.firstname.lastname@example.org .Andrew Hartshorn, Privacy and Data Protection legal expert, from Shakespeare Martineau who will be speaking at the Business Breakfast, commented on the importance of planning for the GDPR. Andrew says:“Whilst the core premise of both the Data Protection Act and the GDPR are the protection of the rights of individuals to have their personal data used fairly and appropriately; the GDPR goes much further in the rights it gives to individuals and the obligations it places on businesses. This, together with the significant increases in fines, means that businesses need to be taking action now to ensure they are ready for the new regime”At the Business Breakfast, Andrew will be able to explain the similarities with the existing UK Data Protection Act 1998 (DPA), and describe some of the new and different requirements and how they will affect businesses.The GDPR creates some new rights for individuals and strengthens some of the rights that currently exist under the DPA. These rights include:The right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object and rights in relation to automated decision making and profiling.As mentioned above, the GDPR will apply in the UK from 25 May 2018 and the government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.For Insight Directors, the GDPR represent a real opportunity to progress strategies around the Single View of the Customer and targeting customers, but it is important to start thinking now about ‘what’, ‘how’ and ‘when’ to make the most of this opportunity.