GDPR – Frequently Asked Questions
So, when is the go-live date for GDPR?
The GDPR go-live date is 25th May 2018.
What is GDPR?
In simple terms, it gives power back to the individual and provides businesses with a framework for how they must process and manage personal data. At any point the individual, or ‘Data Subject’, can request that their data be removed, updated or forwarded on (known as porting).
Do we have to be compliant by this date?
Well, yes. If you are a business that processes personal data on a large scale, such as a council or a bank, then you should already have set the wheels in motion, fully understood the requirements and implemented many of the controls.
However, if you still don’t have an action plan in place, now is the time to assess how this regulation affects your business and decide what measures need to be implemented. We like to think that if a business can demonstrate that it is in the process of becoming compliant, then this is a good start.
We have a data protection policy in place, is this enough?
It’s a good start. However, the whole point of GDPR is to give the ‘Data Subject’, which is yourself, total control over the data that businesses hold on you. So there are a number of key policies and procedures that you should have in place.
Examples of these include:
Data Privacy Notice
Data Retention and Protection Policy
Roles and Responsibilities
Data Subject Request Procedure
Consent Request Form
Personal Data Mapping Form
Information Security Incident Response Procedure
You can get templates of these documents in our GDPR template kit.
Do we need a Data Protection Officer?
That really depends on the type of business you are. If you are processing personal data on a large scale, then yes, a Data Protection Officer is a requirement. If not, then you don’t have to worry about assigning a dedicated individual.
What is a Data Controller?
This is the individual that decides what data to collect and what it is used for.
What is a Data Processor?
An individual or organisation that handles data on behalf of the data controller.
What is the Data Subject?
These are the individuals whose data you are collecting.
Do I still have to comply with GDPR if I am in a different country?
If you are processing EU citizen data then you must comply with GDPR.
What are the fines?
Below are a few examples:
Severe – 20 million or 4% of your annual turnover (unlawful processing or not cooperating with the ICO)
Less Severe – 10 million or 2% of your average turnover (not reporting a breach in time or failing to get consent from the data subject)