The primary purpose of the GDPR is to increase trust in online services to enable economic growth in the digital age.
• Only 15% of people believed they had full control over their data.
• Over 70% of EU citizens have low/no trust in online services.
The GDPR introduces best-practice standards that enable organisations to meet the expectations of digital-market consumers, while giving regulators the powers to penalise and/or sanction abusers.
The GDPR is an EU legal structure that applies globally to any organisation dealing with EU citizens, regardless of where the organisation may be based.
The DNA of the GDPR goes back to the 1953 EU Human Rights Convention. As technologies have advanced, the law has been updated to protect those fundamental human rights.
The current EU (1995), UK (1998) and C.I. (2001/2005) laws are out of date.
• The first commercial transaction on the internet was in 1995; since then the internet has exploded, along with abuses of personal data.
• Smartphones/devices started to proliferate from 2007, expanding the internet issues into all walks of life and all age groups (e.g. children became exposed to ‘grooming’).
The GDPR focuses on protecting personal data of all EU/UK and C.I. consumers, children and vulnerable groups.
By assuring privacy and security, organisations that comply with the GDPR can build trust with customers, while customers can be confident that their data is protected to high standards and that they can have full control over their personal data.
• Full details of the core principles, consumer rights and other features of the GDPR are available in our free GDPR 12-Step Guide.
It is important to understand that the GDPR is a regulation, not a directive:
• The EU Data Protection Directive (EU DPD, 1995) allowed EU member states flexibility in how it was applied and enforced (if at all).
• The General Data Protection Regulation applies equally to all EU/EEA member states, and all territories worldwide that are handling information on EU citizens.
• The articles, compliance measures, enforcement and penalties are highly prescriptive, allowing low/no flexibility.
Fines: up to €20 million, or 4% of global turnover, whichever is the higher.
• The fines apply to each data breach event (not each data record breached).
• Maximum fines will be applied where it is clear the breach was caused by negligence or abuse.
• Negligence/abuse can expose officers to further criminal and civil actions.
Many organisations are unsure if or how the GDPR may apply to them.
We have prepared a simple self-assessment based on the most important exemptions included within the law.
• Take our quick self-assessment here.
Download our GDPR 12-Step Programme guide to understand what you are required to do, and prove that you have done it (the GDPR is all about having evidence, not opinions).
You can purchase our GDPR FastTrack Toolkit and get a head start. For most small businesses this will take you a long way toward compliance while saving you many weeks of work and thousands of pounds in legal or other costs.
Salvus can provide you with a full Outsourced Data Protection Officer (O-DPO) service that is designed to take circa 1 day of your time from start to finish.
Salvus focuses on cost-effective solutions that deliver high efficiency. We can usually deliver clients a total payback of their GDPR solution investment (consultancy, training, policies and tools) in less than a year, with payback to the organisation increasing further in year 2.
• Salvus can prove that technology is the most economically viable solution to regulation in the digital age.
We work with the best technology solution providers in the world, including Microsoft and others.