Personal data is any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Unleashed and GDPR
With the EU’s General Data Protection Regulation (GDPR) coming into effect on 25 May 2018, here’s some information on what the GDPR is, how it will affect your business and what Unleashed is doing to get ready.
What changes will the GDPR bring?
The GDPR is a new regulation designed to secure the personal data rights of EU residents. It imposes new rules on organisations that govern how they process and store personal data. The GDPR also provides individuals with certain rights over their personal data, including the rights to access, correct and delete personal data.
How does the GDPR affect your business?
The GDPR applies to any organisation that processes personal data of European Union residents, irrespective of where the organisation operates from.
Here are some reading resources about how the GDPR affects small to medium businesses.
- Frequently Asked Questions about the incoming GDPR – A list of FAQs about the incoming GDPR.
- The EU General Data Protection Regulation – IT Governance outlines the key elements of the GDPR.
- Preparing for the GDPR – The Information Commissioner’s Office has released a 12-step checklist on getting your business GDPR-ready.
- Intersoft Consulting GDPR – Intersoft Consulting transformed the official GDPR PDF into a browsable version.
What is Unleashed doing about GDPR?
At Unleashed, we understand the implications of the GDPR and see compliance as an opportunity for us to firm up our processes for all our customers and their data. Here’s what we’ve done to date:
- We have identified the areas in our product where we need to make changes in order to comply.
- We have engaged with our architecture and product teams to specify the changes required.
- We are mapping out our internal data flow and processes to ensure we are aware of where all personal data is stored, transferred and processed.
- We are reviewing our contractual arrangements with our subprocessors and ensuring their processes are compliant.
- We have started our internal awareness and training campaigns.
What’s next for Unleashed?
Some key items we will be working on over the coming months are:
- Planning to implement the required changes with regard to consent.
- Updating our data breach and notification policies and procedures.
What constitutes personal data?
When is the GDPR coming into effect?
The GDPR was approved and adopted by the EU Parliament in April 2016 and will take effect on 25 May 2018.
Who does the GDPR affect?
The GDPR not only applies to organisations located within the EU, but also to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
What are the penalties for non-compliance?
Organisations can be fined up to 4% of annual global turnover or €20 million for breaching the GDPR. This is the maximum fine that can be imposed for the most serious infringements. The rules apply to both controllers and processors, meaning ‘clouds’ will not be exempt from GDPR enforcement.
Do you have a Data Processing Addendum I can sign?