What is New in GDPR

General Data Protection Regulation

Technological advancements have truly reached heights over the last two decades beyond people’s imagination. Communication has evolved into a form of standard business for many organisations that rely on these recent developments to do their daily errands. These developments that are designed to innovate our current lifestyle and operation of organisations to lead a much more convenient and flexible task force. Many businesses have shapeshifted into become a success utilizing the firepower of these new tools that are introduced. However, as these advancements and developments rapidly strengthen the society, the Data Protection Regulations has begun to lose to cover over its contents. As the Data Protection Regulations has not been revised over twenty years, the government has decided to alter and re-introduce the regulation in the name of General Data Protection Regulation (GDPR) to make it a safer environment for its citizens. They Highlight the importance that people should understand their rights to how to handle their personal data with organisations. Secondly, it is mentioned that the business only has data that is relevant to them with mutual interest and with consent. Finally, as there has been many major cyber attacks on the business that has endanger large quantities of data, it is to prevent any further risks by cyberattack. The new regulation that is due to take its place on the 25th May 2018 has its own initiative procedure.  Data processors and Data controllers must redesign their operations in most scenarios to comply with the new legislation. The controller determines the purpose and means of processing personal data and the processor is responsible for processing personal data on behalf of a controller.

Data Protection Regulation might have been altered and polished however the assurance of preventing breaches comes with a heavy fine. €20,000,000 or 4% of the total revenue the business generates, which ever sums to be the highest for any breach.

FAQ

What is GDPR?
General Data Protection Regulation (GDPR) is a replenished data protection law governing methods to store and process any data that a subject could be identified.

What is Personal Data?
Any data that include personal images or information including Name, gender, address, DOB, NI Number, Contact details, taxation information, company details and CCTV Images. There is also segregated with sensitive data including information such as regarding criminal convictions, sexuality and medical history.

Who is Responsible?
Everybody is responsible for the data. The organisation that holds and processes the data is known as the ‘Data Controller’ and has the legal responsibility for what personal data is held.
Please note: If you are a large firm, you may need to appoint a Data Protection Officer (DPO)  
Does that mean you cannot contact people?
No, you can still contact people with proven mutual interests. Ensure you provide the option to communicate further or unsubscribe and gain a consent to continue to work together.
How to be complaint with GDPR?
Analyse the data the company collect and establish your legal reason to why you collect the stated data.
Please note: You can find more information on legal reasons available on the information commissioner’s office website, http://www.ico.org.uk/.

Terms of GDPR
1. The Data Controller should gain all necessary consents from all the Data Subjects that relates to Data Processing.
2. The Data Processor shall not delete or remove any registered notices containing Data Controller Data. The processor shall not store, copy, disclose, or use data controller data except necessary for the performance to its obligations.
3. The data processor shall provide the company with full cooperation and assistance in circumstance of complaints.
4. The Data processor shall:
a. Obtain written consent prior from the company to transfer personal data to any sub-contractor.
b. Process personal data only to an extend necessary for the provision of the service

The General Data Protection Regulation sets a new level of standard for consent.  Consent is defined as an individual giving a clear accord to process their data for a purpose. Consent require a three-stage process; Asking for consent, Recording Consent and Managing Consent. The overall concept for sharpening the consent stage is to supply individuals with confidence in taking charge of their data. The individual will now hold authority to request information from any institution.

There have been several analysts who have reviewed GDPR and pointed out that most contents have been polished but very little new content has been added. The ultimate question is to why the launch of this new legislation caused a panic in the trading world. The consequences of any breaches are the sole reason that began to shake the industry with fear. Operations began to take it very seriously and aligned themselves to be GDPR compliant.

Medico Partners have been very cautious of our candidate’s interests. We organise and manage our data according to our candidates’ preferences and we are confident this will continue to fulfil the needs of GDPR.