What is GDPR?
As the economy becomes increasingly digitised, companies hold vast quantities of personal information. This form of data is considered high risk due to the implications a breach may have. A data breach could, for example, result in a person’s name, address and other personal details being made publicly available.
GDPR was developed in response to these concerns, as a means to specify how consumer data should be used and protected. GDPR came into force on the 25th May 2018. It replaced the existing data protection framework under the EU Data Protection Directive. All organisations involved in controlling or processing personal data are affected by the regulation.
The GDPR significantly increases the obligations and responsibilities for organisations in how they collect, use and protect personal data. Organisations and businesses need to be fully transparent about how they are using and safeguarding personal data. Additionally, they need to be able to demonstrate accountability for their data processing activities.
The Data Protection Commissioner currently has the ability to fine companies that are found in breach of the existing guidelines. The GDPR significantly bolsters these fines: non-compliant companies may be subject to fines of up to 4% of global turnover or €20 million, whichever is greater.