01732 759725
GDPR
32
A purpose-fitted double decker bus
toured the country between May 23
and June 8 to help companies across
the UK prepare for this new EU data
protection regulation. Dubbed the
GDPR Clinic tour, the bus stopped at
nine key locations between York and
London.
The GDPR is a new set of obligations
from the European Parliament for businesses
on issues related to the data protection
rights of all European Union (EU) residents.
The new regulations cover breaches and
breach notification, consent, and the right to
be forgotten, to name just a few.
Companies based in the EU already
adhere to legislation in each member state
that is consistent with GDPR’s predecessor,
the Data Protection Directive (DPD) of
1995, however significant changes with
GDPR can result in hefty fines if found
uncompliant. Overall, the new protections
for EU nationals have been created to set
a more harmonic degree of unification
throughout the whole of the Union.
According to John Kay, Technology
Sales at Midshire, GDPR will affect every
UK organisation that processes the
personal data of EU residents. He said that
Gemalto’s GDPR Clinic is a really innovative
way of giving organisations concerned
about data protection an opportunity to
brush up on the new regulations, and learn
about how the changes might require them
to refresh their internal policies.
Here, Kay answers some frequently
asked questions about GDPR.
Q:
So what counts as a breach?
A
:
Under both GDPR and its predecessor,
‘personal data’ means ‘any information
relating to an identified or identifiable
natural person’, (or the ‘Data Subject,’ so
the person the data belongs to). The new
law also gives a lengthy definition of what
a personal data breach actually means,
defining it as ‘a breach of security leading
to the accidental or unlawful destruction,
loss, alteration, unauthorised disclosure
of, or access to, personal data transmitted,
stored or otherwise processed.’
Now, the fact that this new definition
is so long, means that businesses cannot
afford to have unclear internal policies
on data protection, as the new definition
Midshire partnered with international digital security giant Gemalto to raise
awareness of the General Data Protection Regulation (GDPR), which is being
introduced on May 25 2018
Midshire runs
GDPR Clinic tour
has vastly increased the scope of data
protection law.
Q:
How will Brexit affect GDPR?
A
:
In a nutshell, not at all. When GDPR
comes into effect on May 25 2018, the UK
will still be a part of the EU and will remain
in it for almost a year until leaving the
Union on March 29 2019.
I think that the uncertainty of Brexit
has caused many businesses to take their
foot off the gas when it comes to EU
Parliamentary law, but really businesses
should be striving to keep up-to-date with
the latest policies.
The UK government has also shown its
intent on fully integrating GDPR policies
in the UK, even after Brexit. It is likely that
the main reason for this is for a smooth
negotiation process on Britain leaving
the EU, and a continued free flow of
data between EU member states and the
UK. The free flow of data is particularly
important today, because it is crucial for
data to be shared between countries for
security purposes.
Additionally, it would be ideal for the
UK to remain a force and beacon for other
countries to look to when it comes to the
data protection of its citizens by setting a
high standard for such protections.
Q:
What do I need to do if a breach
occurs?
A
:
In the unfortunate event of a breach of
The new law
also gives
a lengthy
definition
of what a
personal
data breach
actually
means
John Kay,
Technology Sales,
Midshire
