Data Protection and the GDPR

What is the purpose of the GDPR?

People want to have more control over the use and misuse of their personal data.

The GDPR protects individuals from any harm that can be caused by the processing of their personal data by organisations, and penalises organisations (including individuals) for processing such personal data in a way that breaches the provisions of the GDPR. The GDPR also enables individuals to bring actions against the responsible person or organisation for both damages and compensation.

The GDPR recognises the harm that can occur as a result of an organisation breaching the key principles under the GDPR. It also provides enhanced individual rights!

Territorial Scope

Essentially it will apply to any individual or organisation that processes the personal data of natural living persons who reside in Europe, whether or not they are European citizens.

In addition it may apply to organisations that operate outside Europe.

There are, however, ‘exceptions’ or ‘exemptions’ which will vary depending upon the member state.

Material Scope

Personal data includes ‘Special Categories of Personal Data’.

Organisations now have to be extra careful if they are processing personal data which relates to health, biometrics, etc. The level of security required is higher.

What are the Fines?

There are two tiers:

Tier 1 – Up to 20 million Euro or 4% of the annual gross turnover, whichever is the greater
Tier 2 – Up to 10 million Euro or 2% of the annual gross turnover, whichever is the greater

Has the Information Commissioner’s Office (ICO) imposed any fine under the GDPR/DPA 2018?

The ICO, which is the Supervisory Authority for the UK, has fined Bounty (UK) Ltd £400,000 for illegally sharing personal information belonging to more than 14 million people.

Simple failures to comply could lead to individuals and organisations being fined heavily. As one can see from the case of Bounty (UK) Ltd, the reputational damage is quite often irreparable.

How to Mitigate