Has your office been buzzing with talk about the new General Data Protection Regulation (GDPR)and the effect of this upcoming legislation on your business? Find out GDPR important facts, who it effects, what steps you need to take now to comply and what Highstreet.io is doing to be compliant.

What is GDPR?

GDPR stands for General Data Protection Regulation. The EUGDPR.org website states “The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”

When does GDPR come into effect?

In May of 2018, the GDPR will become fully enforceable throughout the European Union.

Who does GDPR affect?

The EUGDPR.org website states “The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”

What steps you need to take now to comply

Many of the GDPR concepts and principles are similar to those in the current Data Protection Act (DPA). If you are complying with the current law then your compliance standards will remain valid under the GDPR. However, because there are significant enhancements to the current regulation you made need to revisit the structure and process you’re following to comply with the new regulations.

The ICO is producing new guidance and other tools to assist you, as well as contributing to guidance that the Article 29 Working Party is producing at the European level. These are all available via the ICO’s Overview of the General Data Protection Regulation. The ICO is also working closely with trade associations and bodies representing the various sectors – you should also work closely with these bodies to share knowledge about implementation in your sector.

It is essential to plan your approach to GDPR compliance now and to gain ‘buy-in’ from key people in your organization. You may need, for example, to put new procedures in place to deal with the GDPR’s new transparency and individuals’ rights provisions. In a large or complex business, this could have significant budgetary, IT, personnel, governance and communications implications.

The GDPR places greater emphasis on the documentation that data controllers must keep demonstrating their accountability. Compliance with all the areas listed in this document will require organizations to review their approach to governance and how they manage data protection as a corporate issue. One aspect of this might be to review the contracts and other arrangements you have in place when sharing data with other organizations.

What is Highstreet.io doing to be compliant with GDPR?

We’re ahead of the game and have been given the go-ahead by a technology privacy lawyer that we are compliant with the upcoming GDPR regulations.

Important elements we’ve addressed within our compliance are:

1. Awareness
2. Information we Possess
3. Privacy Policy Communication
4. Individual Rights
5. Subject Access Requests
6. Consent
7. Data Breaches
8. Processing Personal Data
9. Data Protection Officers
10. International Data Collection

If you have any questions regarding our GDPR compliance please email us at info@highstreet.io.