GDPR: What does it Mean?
It would have been impossible to miss the GDPR (General Data Protection Regulation), which was implemented recently, on 25/05/2018: we were all flooded with emails regarding personal data, and it became almost impossible to do anything without being informed of a changed privacy policy. This is all good news, however, as the GDPR will mean stricter standards across the board and create a new level of trust across a single digital economy. With these new standards and requirements now in place, there will be no grace period for companies to be eased into them, because the announcement was made in April 2016. We briefly spoke about the GDPR before it came into effect, and thought that today we would talk about some of the main changes and actions to be taken going forward.
The GDPR contains a much broader definition of what constitutes personal data than that which exists in the Irish Constitution. Personal data will now be defined as any information relating to an identified or identifiable living person. For example, online identifiers now constitute personal data. The new rules will apply to both automated personal data and manual filing systems. The advice here is to encrypt all personal data to a good standard, as even anonymous data can be included, depending on the ease with which the data can be accessed and combined with other identifiers.
Personal data may now be stored only after the consent of the individual has been confirmed. Consent must be freely given, verifiable and confirmed through affirmative action. A pre-ticked box on a website will not legally constitute consent. The only situations in which it is permissible to share personal data without having consent will be in cases of national interest, or in the case of counselling services for children.
A new definition within the GDPR is that of ‘sensitive personal data’. This is data such as race, ethnicity, sexual orientation, trade union memberships, religious beliefs or medical information. There are stricter rules in place for these forms of data, and a higher standard of consent is required here.
Accountability is a key area in which the GDPR differs from previous regulation. Organisations are now required to demonstrate compliance with all GDPR principles. The best course of action is to take precautions to avoid a breach of regulations. When handling personal data, take extra care with both standard and sensitive information. When asked to disclose any personal data, be vigilant and ensure you identify the authority as legitimate.
Should you require any help, advice or guidance on any financial or business matters, please don’t hesitate to get in touch with us here at EcovisDCA, where we will be happy to support you in getting your business to the next level.
– – –
~ DCA PARTNERS, DECLAN DOLAN & EAMONN GARVEY