The General Data Protection Regulation (GDPR) is Europe's new framework for data protection laws. Although it has been in effect since its publication in May 2016, it will be enforced from 25th May 2018 when it will replace the 1995 data protection directive.
The EU's GDPR website says the legislation is designed to "harmonise" data privacy laws across Europe as well as give greater protection and rights to individuals. Within the GDPR there are large changes for the public as well as businesses and bodies that handle personal information.
The UK Information Commissioner's Office (ICO) has produced a comprehensive but easy-to-follow guide on how to get your business ready for GDPR compliance.
Read full details about how Curo's preparations for GDPR compliance are progressing.
The key points, explored in further detail in other linked articles in our helpdesk, are:
- be able to demonstrate compliance to customers from whom you collect personal data
- be clear about the legal basis for collecting and processing personal data
- the data subject's right to see what data is held on them, and how it is collected/shared
- the data subject's right to extract and take their personal data elsewhere in electronic form
- the data subject's right to have their data corrected if necessary
- the data subject's right to have their data erased (subject to some constraints)
- have processes in place to deal with data breaches within established timescales
- significantly increased fines for non-compliance with GDPR