The EU General Data Protection Regulation (GDPR) is due to be enforced from 25 May 2018. This is the most significant piece of European privacy legislation in 20 years.
Replacing the 1995 EU Data Protection Directive, it brings data protection up to speed with a modern, data-driven world, strengthening the rights of EU citizens and reshaping the way organisations worldwide approach data privacy. And with Brexit negotiations hotting up, the UK government has already confirmed that the decision to leave the EU will not affect the introduction of the GDPR.
Data is a powerful, valuable marketing tool. It allows a business to understand its customers, predict behaviour and buying habits, and build strong revenue streams. But as the Internet has increased in complexity and reach, there has been a growing discomfort about the visibility and vulnerability of personal data.
From May 25, the GDPR will give EU residents a much greater say over what, how, why, where, and when their personal data is used, processed, and disposed of.
GDPR Summary | What are the biggest changes?
- Penalties for non-compliance are serious. The Information Commissioner's Office (ICO) has the power to impose GDPR fines of up to £20m (40 times more than the previous top penalty) or 4% of global turnover, and corrective sanctions including a permanent ban on data processing
- It will be necessary to report a breach within 72 hours
- All stored data should be obtained via opt-in, not opt-out – consent is now essential
- Individuals have new rights such as the right to data portability, the right to be forgotten, and the right to compensation in the event of a breach
Rezcomm has achieved GDPR Compliance
As a market-leading data controller/processor, Rezcomm has always made data protection and online security a key focus, and as such, we are all set to comply with applicable GDPR regulations on May 25. Our commitment to meet this target has driven us to work towards ISO standards to ensure that the highest levels of protection are maintained.
We work from six fundamental principles of data protection regulation:
- Data must be processed lawfully, fairly and transparently. For example, our systems ensure privacy notices are provided in a concise and easily accessible form, using clear and plain language.
- Data must only be collected for specific, legitimate purposes.
- Data must be adequate, relevant and limited to what is necessary.
- Data must be accurate and kept up to date.
- Data should be stored for only as long as is necessary.
- We must ensure appropriate security, accountability, integrity and confidentiality.
We have carried out detailed assessments for high-risk operations, undergone certified EU staff training, appointed a Data Protection Officer, documented policies and procedures, and established roles and responsibilities that have led to a cultural change within the business.
We’ve worked hard, we are ready and we’re proud of it!
What does the GDPR mean for you?
The GDPR affects all businesses, public and private, anywhere in the world, that handle and process personal data pertaining to EU citizens. This means the regulations apply to your business. At Rezcomm, we commit to work alongside you to explore how we can help you meet your GDPR obligations. We take the GDPR very seriously and will do anything possible to support you through these changes.
Read More About Our GDPR Framework:
Rezcomm GDPR Framework
If you have any questions about our framework or would like to discuss your GDPR compliance with us, please contact our Compliance Team here