WHY ARE WE STILL CONFUSED…?
GDPR is the General Data Protection Regulation. Although GDPR came into force in May 2018, there is still a mystery around it. Many companies are not sure whether this law applies to their operations, and small and start-up business owners are no exception.
This regulation has been implemented in all local privacy laws across the entire EU and EEA region. It replaces the Data Protection Directive and applies to all companies selling to and storing personal information about citizens in Europe, including companies on other continents.
There may be confusion about what GDPR means for citizens of the EU and EEA. Nonetheless, the result of GDPR is that all EU and EEA citizens have greater control over their personal data, with the assurance that their information is securely protected across Europe. For example, organisations must be able to prove that consent was given if an individual objects to receiving a communication. This means that any data held must have an audit trail: time-stamped records detailing what the contact opted into and how.
WHY IS GDPR IMPORTANT
IS OUR PERSONAL DATA SAFE?
Not only is our personal data becoming more and more valuable; the skills and opportunities for retrieving different types of personal data are also evolving extremely fast. Therefore, unauthorised, careless or ignorant processing of personal data can cause great harm to individuals or to a company.
Key pieces of information that are commonly stored by businesses, be that employee records, customer details, loyalty schemes, transactions, or other collected data, need to be protected. This is to prevent data being misused by third parties for fraud, such as phishing scams and identity theft.
Common data that businesses might store include:
- Telephone numbers
- Bank and credit card details
- Health information
The principles set out in GDPR help businesses ensure the details of their staff, clients and customers are properly protected.
Following proper data protection procedures is also crucial to help prevent cybercrime, by ensuring that details, specifically banking, address and contact information, are protected against fraud, for instance your clients' or customers' bank accounts being hacked into.
A breach of your data protection can be costly. Any affected customer or staff member can, in some cases, pursue compensation against your business. You also leave yourself open to penalties for failing to comply with data protection law.
WHO ARE WE?
The team behind E & L Consultancy Group
We are a team of women who share the same passion for business growth and for supporting other women in business. We have a range of expertise spanning IT, business analysis, project management and web development, to name just a few. Our team works with businesses to find the right balance between business objectives, legal obligations and IT support, while providing guidance and full support, as we know data protection can seem complex and time-consuming.
We do more than just advise: we are completely hands-on and available to you to ensure your business is compliant and meets your customers' and clients' expectations. Having a relationship of trust with our clients is what we value the most.
THE IMPACT OF GDPR
HOW EU COMPANIES HAVE BEEN HIT WITH FINES
All EU states have passed their own data-protection laws, and enforcement has begun in many countries, so where do things stand and how can organisations navigate the way forward?
The first year of GDPR has been a settling-in period for regulators and organisations. Fines, breach notifications, and reporting are all still grey areas, pending more detailed guidance and examples from the data protection authorities and/or the courts.
GDPR PENALTIES AND FINES
The maximum fine under the GDPR for organisations that infringe its requirements is up to 4% of annual global turnover or €20 million, whichever is greater. However, not all GDPR breaches lead to data protection fines. Supervisory authorities such as the UK's ICO (Information Commissioner's Office) can take a range of other actions, including:
- Issuing warnings and reprimands
- Imposing a temporary or permanent ban on data processing
- Ordering the rectification, restriction or erasure of data, and
- Suspending data transfers to third countries