Over the last five weeks, we have been breaking down the parts of the General Data Protection Regulation (GDPR) that matter most to you. From changes to consent to the Brexit factor, we’ve lifted the lid on the GDPR so you can crack on with your compliance processes over the next 12 months. In the final instalment of the series, we’re delving into the practicalities by running through the new responsibilities for UK businesses.
To begin, let’s establish the difference between a data controller and a data processor, so you can assess which responsibilities apply directly to your business.
A data controller is the person or group of people that handles the data of the data subject (the person whom the data is about), deciding how and why it is processed.
A data processor is exactly what it says on the tin: the person or group of people who process the data on behalf of the controller. That’s us at UKFast.
The GDPR introduces new responsibilities for both groups:
Data controllers must…
• Process all personal data in compliance with the GDPR and be able to provide evidence of this to the relevant supervisory authority.
• Have the data subject’s consent to use their information and provide accessible and detailed records of how that data is used, where and by whom.
• Make it as easy as possible for data subjects to withdraw their consent and move their information from one provider to another.
• Work very closely with their data processor.
Data processors must…
• Keep detailed records of processing operations and activities.
• Make sure the appropriate security standards are in place.
• Comply with rules on international data transfers and co-operate with national supervisory authorities.
• Work very closely with data controllers.
If this is the first you’re reading about your new responsibilities under the GDPR, now is the time to sharpen up your operations and dive into becoming compliant.
Failing to become compliant in time could lead to fines of up to £17.25m or 4% of your organisation’s global annual turnover – whichever is greater – and could lead to irreparable damage to your business’s reputation.
To find out more about how the GDPR will impact your business and what you will need to do over the next 12 months to become compliant, download our latest whitepaper, “GDPR is around the corner: Are you ready?”