The General Data Protection Regulation (GDPR) is new EU legislation that comes into force on 25th May 2018 and will apply to UK businesses of all sizes. We've put together an at-a-glance guide to GDPR in the form of five simple GIFs so you can prepare for the new rules.
GDPR Financial penalties - Increased fines
Penalties for not conforming to the legislation will increase under GDPR, creating a bigger risk for businesses. Under the existing Data Protection Act, security breaches could be met with a maximum fine of £500,000. With the introduction of GDPR, this increases to €20,000,000, or 4% of annual global turnover, whichever is greater.
The right of access
New rules around personal information mean that customers have the right to access any information held about them by a business or organisation. Businesses are also obligated to securely delete data if a customer decides to stop using their services and asks to be ‘forgotten’.
GDPR Breach Notifications and faster reporting
Under GDPR, companies will be held to stricter regulations on reporting major data breaches to the authorities and customers. A breach must be reported within three days if it’s likely to pose ‘a risk for the rights and freedoms of individuals’, and data processors will need to inform their clients immediately.
Personally Identifiable Information (PII data)
GDPR expands the definition of personally identifiable, or PII, data to include things like genetic information, photos, social media posts, and IP addresses.
Opt in, not out - explicit consent required
To obtain customers' consent to use their data, companies will have to use clear opt-in tick boxes, rather than the potentially misleading opt-out boxes that are commonly used now.
Produced in collaboration with and Copyright © 2017 Virtual College.