You’ve probably heard of the new EU General Data Protection Regulation (GDPR), set to come into force next year, but do you know how it will impact your day-to-day job? If the answer is “no”, this blog is a must-read, as failing to follow the new legislation could lead to hefty fines.
Simply put, it is a set of new data protection obligations all organisations within the EU must adhere to, and which are designed to give individuals greater rights over how their personal data is used. It will also apply to businesses that fall outside of the EU but provide goods and services to individuals from EU Member States.
GDPR introduces changes around two key areas:
Clients and candidates will have greater say in who holds their data and how it is used, and failure to meet obligations could incur a fine or other penalties – potentially damaging your finances and reputation.
Good question: not until 25 May 2018, which means you have a good amount of time to prepare for the changes and develop robust data protection procedures, both individually and as an organisation. Brexit won’t make a difference, as the government has already said it intends to implement the GDPR regardless through a new data protection act.
What are the major changes for you?
With the introduction of greater individual rights over data, there are four key things you need to be aware of when it comes to processing candidate and client data. When GDPR launches, individuals gain additional rights including:
You could be required to pay a hefty fine or face other penalties. Fines are set in two tiers, detailed below, and are at the discretion of the supervisory authorities, which in the UK means the Information Commissioner’s Office.
While a lot of changes will happen at a company-wide administration level, there’s nothing to stop you becoming more data protection aware in your day-to-day work. Taking steps to improve data protection and your awareness of key issues now will save you a lot of stress early next year. So: