To ensure that the laws overseeing our personal data are fit for purpose, new rules have been created. The agreed General Date Protection Regulation (GDPR) which will replace the current Data Protection Act will come into force on May 25, 2018. The new law will result in changes to the way businesses and public-sector organisations handle sensitive information from their customers.
There are two-types of Personal Data:
Personal Data can be anything that allows a living person to be directly or indirectly identified (name, address or even an IP address)
Sensitive Personal Data: These includes a person’s trade union membership, religious belief, political opinions and racial information.
GDPR has been placed to help safeguard personal data with emphasis on transparency and accountability. If an organisation does not process an individual’s data the correct way, they can be fined. They can also be fined if there is a security breach.
GDPR states smaller offences could results in fines of up to $10 million or 2 per cent of a firm’s global turnover (whichever is greater). Those with more serious consequences can have fines of up to $20 million or 4 per cent of a firm’s global turnover (whichever is greater).
