GENERAL DATA PROTECTION REGULATION (GDPR) - 10 KEY FACTS
There is a lot of talk and hype around GDPR and what it means for your business. We have looked at some of the key General Data Protection Regulation features and changes that you should know about and listed them below.
As an early indication of the scale of fines: in August 2016, Hampshire County Council was fined £100,000 by the Information Commissioner's Office (ICO) after documents containing the personal details of over 100 people were found in a disused building. The files included social care case records and complaints, containing confidential and sensitive personal data, and the ICO also found 45 bags of confidential waste in another locked room. Under the current Data Protection Act 1998 the ICO can impose a monetary penalty of up to £500,000 on a data controller; under GDPR the maximum rises to €20 million or 4% of annual worldwide turnover, whichever is higher.
The three main criteria under which you must appoint a Data Protection Officer (DPO) are set out in Article 37(1). Appointment is mandatory if:
1. you are a public authority or body;
2. your core activities involve regular and systematic monitoring of individuals on a 'large scale'; or
3. your core activities involve 'large scale' processing of sensitive (special category) data, or of data relating to criminal convictions and offences.
The closely related conditions in Article 35(3), which determine when a Data Protection Impact Assessment (DPIA) is mandatory, are worth reading alongside these. For reference, the exact Article 35(3) words are:
“(a) a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;
(b) processing on a large scale of special categories of data referred to in Article 9(1), or of personal data relating to criminal convictions and offences referred to in Article 10; or
(c) a systematic monitoring of a publicly accessible area on a large scale.”
The DPO can be a part-time role or combined with other duties, provided those duties do not create a conflict of interest. In performing the role, the DPO must have an independent reporting line (like most compliance officers), be properly resourced and empowered, and report directly to the highest level of management, such as the Board, without interference.
WHAT IS GDPR?
On 25 May 2018, the European General Data Protection Regulation (GDPR) will supersede national laws such as the UK Data Protection Act 1998, unifying data protection law and easing the flow of personal data across all 28 EU member states.
ARE YOUR MFDs SECURE?
Printers and Multi-Function Devices (MFDs) are intelligent networked assets that, like a PC, have a screen, a keyboard, a hard drive and an operating system (OS). The hard drive can retain copies of scanned, printed and copied documents long after the job has finished, so an MFD can hold sensitive personal data and is reachable over the network like any other host. This makes MFDs a key area to manage as part of your overall preparation for GDPR compliance: keep firmware patched, restrict network and administrative access, encrypt and securely overwrite the hard drive, and make sure it is wiped before the device leaves your premises.
BE PREPARED FOR GDPR
There are some very basic and core recommendations that KYOCERA suggests to “avoid the fine” and ensure that your organisation is compliant.