WA Management provides professional, adaptable and appropriate solutions for your Health and Safety needs. Each week, our research blog takes a detailed look at particularly topical areas of the sector, or at risks that are repeatedly overlooked. Last week, social media giant Facebook was fined £500,000 by the Information Commissioner's Office (ICO) for breaching data protection laws. Controversy remains around the fine, with many suggesting it should be far higher under the new GDPR compliance laws. Consequently, this week's research blog looks to clarify the importance of data protection, and how it relates to YOUR company.
GDPR at a glance
The General Data Protection Regulation (GDPR) is a set of regulations outlined by the EU with the aim of reforming the previous data laws across Europe, which had struggled to keep pace with the rapid developments in technology. It became enforceable in EU member states from 25th May 2018.
However, GDPR is only an advisory regulation, and not a legislative directive. This sounds impenetrable, but in practice it means two things:
- EU member states could choose whether to adopt the guidelines it set forward
- These countries could then choose whether to implement legally-binding legislation to criminalise non-compliance
But what is included within GDPR?
GDPR states that companies wishing to obtain personal data must have justified grounds for doing so. Furthermore, the obtaining of data must incorporate methods by which to de-identify a person, meaning that only the required data is collected. This is called pseudonymisation, and it essentially ensures that your identity cannot be stolen from the information you provide. Equally, data can only be collected if explicit, informed consent has been given; this explains the millions of ‘we’ve updated our privacy policy’ notices you will have seen on practically every website.
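To make the idea of pseudonymisation concrete, here is an added example (not code from WA Management or from the original post). It assumes the common approach of replacing a direct identifier with a keyed HMAC-SHA256 pseudonym, where the key is held separately from the pseudonymised data, and of keeping only the fields that are actually required. The customer records are constructed sample data, not real people.

```python
import hmac
import hashlib

# Constructed sample customer records (example data, not real people).
RAW_RECORDS = [
    {"name": "Alice Example", "email": "alice@example.com",
     "postcode": "SW1A 1AA", "order_total": 42.50},
    {"name": "Bob Example", "email": "bob@example.com",
     "postcode": "EH1 1YZ", "order_total": 17.00},
    {"name": "Alice Example", "email": " Alice@Example.com ",
     "postcode": "SW1A 1AA", "order_total": 9.99},
]

# Data minimisation: the only raw fields a downstream report is assumed to need.
REQUIRED_FIELDS = ("order_total",)

# Assumed secret; in practice it lives in a key store separate from the data set,
# so whoever holds the pseudonymised records alone cannot reverse them.
DEMO_KEY = b"demo-key-held-separately-from-the-data"


def pseudonym(identifier: str, key: bytes) -> str:
    """Keyed pseudonym for a direct identifier (here an e-mail address).

    Normalising first means the same person always gets the same pseudonym,
    so records stay linkable for analysis without exposing who they are.
    A plain unkeyed hash would not do: e-mail addresses are guessable, so an
    attacker could hash candidates and match them. The secret key prevents that.
    """
    normalised = identifier.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()[:16]


def outward_code(postcode: str) -> str:
    """Generalise a UK postcode to its outward part (e.g. 'SW1A 1AA' -> 'SW1A').

    A full postcode is a quasi-identifier that can single out a household,
    so only the coarser area is kept.
    """
    return postcode.strip().upper().split()[0]


def pseudonymise(records, key: bytes, required_fields=REQUIRED_FIELDS):
    """Return a minimised, pseudonymised copy of the records.

    Direct identifiers (name, e-mail) are dropped; the e-mail is replaced by a
    keyed pseudonym and the postcode by its outward code.
    """
    out = []
    for rec in records:
        row = {field: rec[field] for field in required_fields}
        row["customer_id"] = pseudonym(rec["email"], key)
        row["area"] = outward_code(rec["postcode"])
        out.append(row)
    return out


def reidentify(pseudo_id: str, records, key: bytes):
    """Map a pseudonym back to an e-mail address.

    Only possible for a party holding both the key and the original records,
    which is exactly the 'additional information kept separately' that makes
    the data set pseudonymised rather than anonymised.
    """
    for rec in records:
        candidate = pseudonym(rec["email"], key)
        if hmac.compare_digest(candidate, pseudo_id):
            return rec["email"].strip().lower()
    return None


if __name__ == "__main__":
    for row in pseudonymise(RAW_RECORDS, DEMO_KEY):
        print(row)
```

Two properties are worth checking on any such scheme: the same person must map to the same pseudonym (so the records remain useful), and a different key must produce unrelated pseudonyms (so losing the data set without the key does not expose identities).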
GDPR also explicitly states the 8 Rights (handily outlined in our graphic below) that must be preserved to be compliant. Finally, companies that rely on, or regularly use, sensitive data must employ a Data Protection Officer (DPO) to maintain good practice and report any data breaches.
So, why is it relevant to my company?
All the above seems rather heavy and complex. However, GDPR is incredibly relevant to your company, as Parliament implemented the Data Protection Act directly off the back of it. This Act includes many, but not all, of the aspects listed above, meaning a failure to comply is punishable by fines. The body responsible for enforcing the Data Protection Act in the UK is the Information Commissioner's Office (ICO), which recently fined Facebook £500,000 for failing to protect themselves against data breaches. Whether by luck or by good lawyers (probably the latter), the fine given to Facebook was significantly lower than could be demanded under GDPR.
Consequently, all companies in the UK will have to comply with the Data Protection Act, even after Brexit. This will affect YOUR company in ways such as:
- How you collect data for customer records
- How you compile mailing lists or subscribers for Newsletters
- The layout and small-print of your website
- Who you share your customer information with (subcontractors etc)
- If you handle sensitive data, whether you need a DPO as a safeguard
Conclusions, and how WA Management can help
Despite the bleak picture painted by this article, there is hope! WA Management offers a wide range of comprehensive and accessible online training courses on GDPR, Cybersecurity and Data Protection. These courses, which start from as little as £25 + VAT, give you the basics, consolidate your knowledge, and ensure that you are left in no doubt as to how to be compliant. Furthermore, they give a recognised, fully-accredited certificate upon completion.
Click HERE to enquire about training today. With GDPR compliance, it is always better to be safe than sorry.