Today is a big day for all businesses. After today the landscape for data protection moves into a new phase, one that is governed by the General Data Protection Regulations (GDPR).
GDPR – May 25 2018
GDPR governs the way that all businesses process and control data and it cannot be ignored.
Data protection is not a new responsibility for businesses but after today the enforcement of GDPR will empower us all as individuals to have control over the data that other people and businesses hold on us.
The Information Commissioner’s Office are responsible for enforcing GDPR and they will act on all complaints of data breaches and non-compliance.
With online being the number one data collection source for businesses, all businesses that operate a website or online marketing need to adhere to the cornerstones of GDPR.
Legal basis for data processing
All businesses should have conducted an information audit so that you are clear on the personally identifiable information that you hold. This would include what data you hold, where it came from, who you share it with and what you use it for.
For all information that you collect (process and control) you should be able to classify this data in one of the following ways to comply with the law:
You have consent – from the data subject to process their data;
You have contractual necessity – can apply to staff and customers;
You are complying with legal obligations – you are legally obliged to process the data;
You have a vital interest – it is necessary to process the data to protect the data subject’s vital interests;
There is a public interest – necessary for the performance of tasks carried out by a public authority or organisation acting in the public interest;
You have a legitimate interest – provided the rights or freedom of the data subject is not affected.
This means that all data that businesses currently hold, or collect, must be classified in one of these six ways.
We expect businesses who are not compliant to be made an example of in the short-term after today, at the very least all businesses should be showing that they are working towards compliance.
If your business has not made changes to their website and other data collection and processing and undergoes an investigation, fines can be up to four per cent of annual turnover.
• To read more on this and other subjects, please visit the blog at www.ascensor.co.uk/blog.
For more information contact firstname.lastname@example.org
Connect on LinkedIn: andrewjfirth
Ascensor are a digital agency providing website design, ecommerce and digital marketing.