What is GDPR?
GDPR stands for General Data Protection Regulation and was introduced by the European Commission in January 2012 as part of the reform of data protection across the EU.
When and Why was GDPR Introduced?
The agreement on what was to be enforced under GDPR, and how, was reached in April 2016, and the regulation came into force in May 2018. It applies to all organisations, including businesses and individuals within Europe, that hold any customer or user data.
The Data Included within GDPR
Under GDPR, personal data can include photographs, email addresses, user names, names and address information, as well as any other information that can be used to identify an individual.
GDPR consists of a set of rules produced with the aim of giving European citizens greater control over their own personal data and of simplifying business regulation so that both individuals and businesses benefit.
The GDPR reforms include laws and requirements on how personal data, privacy and consent are managed across Europe, including how social media companies, banks, retailers and government store and control personal data.
GDPR Compliance for Organisations
GDPR compliance means that organisations have to ensure that the personal data of customers or users is gathered legally and that, once stored, it is protected from misuse and processed correctly; otherwise they are in breach of the regulation and face fines and penalties.
GDPR legislation refers to two types of data handler: ‘controllers’ and ‘processors’.
GDPR Handlers within an Organisation
A GDPR ‘controller’ is defined as a “person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data”, whereas a ‘processor’ is defined as a “person, public authority, agency or other body which processes personal data on behalf of the controller”.
The processor has legal obligations to ensure that personal records are correctly maintained and correctly processed.
The controller is required to ensure that all of its contracts with processors are compliant with GDPR.
Requirements of Organisations under GDPR
A major change introduced by GDPR is the requirement that any individuals whose data has been breached by another party are informed by the organisation, and that the organisation also notifies the relevant bodies within 72 hours of becoming aware of the breach.
The penalty for failing to comply with GDPR legislation depends upon the severity of the data breach and the steps the company took to prevent such a breach; however, it may result in fines of up to 4% of turnover.
If information relating to an individual is breached then, under GDPR, the organisation is required to inform those individuals via a breach notification delivered directly to the affected parties.
The GDPR breach notification should include a summary of the information affected, the approximate number of records involved, the potential use of that information by the third party, and the contact details of the company’s data protection officer.
The Access of Data for Individuals under GDPR
Following the introduction of GDPR, individuals should also be given easier access to their own data and be informed as to how the holder of the information intends to use it. This includes giving individuals the ability to opt out of mailing lists and similar communications more easily, and to have their personal data deleted if they so require, provided that there are no grounds for retaining it.
Whilst the UK is due to leave the EU, the UK Government has already confirmed that this will not affect the enforcement of GDPR within the UK.
About Athena Forensics
For information on our digital forensic services, or if you require any advice or assistance, please contact a member of our team on 0330 123 4448 or via email at firstname.lastname@example.org. Further details are available on our contact us page.
Our client’s confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensics investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter, and we have been accredited to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.