General Data Protection Regulations (GDPR)
The new GDPR rules come into force on the 25th May 2018 and are designed to harmonize the data privacy laws across Europe and the EU.
The GDPR deals with the use and storage of personal data.
What is personal data under the GDPR?
The EU has substantially expanded the definition of personal data under the GDPR. To reflect the types of data that organisations now collect about people, online identifiers such as IP addresses now qualify as personal data. Other types of information are now also considered personally identifiable, such as:
- Economic
- Cultural heritage
- Mental Health details
Pseudonymised personal data may also be subject to GDPR rules, depending on how easy or hard it is to identify whose data it is.
Anything that counted as personal data under the Data Protection Act also qualifies under the GDPR.
Why you must not ignore GDPR
If you don't follow the basic principles for processing data, such as consent, ignore individuals' rights over their data, or transfer data to another country, you will be subject to fines. Your data protection authority could issue a penalty of up to €20 million or 4% of your global annual turnover, whichever is greater.
Why ThinkMarble?
We have combined our global Information Security experience with a dedicated in-house GDPR team led by a Data Protection Lawyer with over 30 years' experience. This places us in a very strong position to provide assessment, advice and guidance through the Perfect Storm of Information Security and GDPR.