GDPR stands for General Data Protection Legislation. It is a European Union (EU) law that came into effect on 25th May 2018. GDPR governs the way in which we can use, process, and store personal data (information about an identifiable, living person). It applies to all organisations within the EU, as well as those supplying goods or services to the EU or monitoring EU citizens.
Why Was the GDPR Introduced?
Prior to 25th May 2018, the ruling UK data protection legislation was the Data Protection Act (DPA) 1998. The DPA was brought in at the end of the 20th century as computers became increasingly commonplace in businesses. However, by 2018, the DPA was admittedly outdated and no longer reflected the digital/technological age in which we live. For example, a vast proportion of individuals in the UK use social media, many of us possess more than one digital device (phones, tablets, laptops), and almost all businesses rely on computer networks. The digital world that we live in has changed the way we process information, and the laws were updated accordingly.
Protecting your Personal Data
It is the duty of all who handle personal data to protect it and make sure it remains secure. Good security practices surrounding your devices, e.g. laptops and phones, will prevent theft and unauthorised access to sensitive files. Creating a secure password helps to protect the personal data contained within your devices. Here is a checklist for creating a strong password:
- At least 8 characters long
- Contains upper and lower case letters, numbers and special characters
- Easy to remember e.g. based on a familiar word, but not easy for others to guess
Most individuals reuse passwords on multiple sites. After all, many of us have more than ten accounts, so it can be difficult to remember a complicated, secure and unique password for each. However, this means that a password leaked from one website could have catastrophic effects, as malicious individuals can gain access to many of your accounts using the same credentials. Use of a password manager helps to overcome this issue: it is software that generates and stores all of your passwords, giving you automatic access to your accounts with unique credentials for each.
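The checklist and the password-manager advice above can be turned into a small script. The following is an added example, not code from the original page: check_password_policy applies the page's rules (8 or more characters, upper and lower case, digits, special characters), generate_password shows what a password manager does when it creates a unique credential using the operating system's secure random source, and find_reused_passwords goes beyond the text by scanning a stored vault for the reuse problem the paragraph describes. The vault contents and the site names are constructed sample data.

```python
import secrets
import string

# Policy values taken from the checklist on this page.
MIN_LENGTH = 8
SPECIAL = set(string.punctuation)


def check_password_policy(password: str) -> list[str]:
    """Return the checklist rules the password fails; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        failures.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        failures.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in SPECIAL for c in password):
        failures.append("no special character")
    return failures


def generate_password(length: int = 16) -> str:
    """Generate a random password satisfying the policy, as a password manager would.

    secrets.choice draws from the OS cryptographic random source, so the result
    is not predictable; the loop simply retries until every character class is present.
    """
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password_policy(candidate):
            return candidate


def find_reused_passwords(vault: dict[str, str]) -> list[list[str]]:
    """Group the sites in a vault that share one password.

    Every group returned is a set of accounts that a single leak would expose together.
    The vault is a plain site -> password mapping here only for illustration; a real
    password manager keeps this data encrypted at rest.
    """
    by_password: dict[str, list[str]] = {}
    for site, password in vault.items():
        by_password.setdefault(password, []).append(site)
    return [sorted(sites) for sites in by_password.values() if len(sites) > 1]


# Constructed sample vault (hypothetical site names, not real accounts).
SAMPLE_VAULT = {
    "mail.example": "Summer2018!",
    "shop.example": "Summer2018!",
    "bank.example": "Summer2018!",
    "forum.example": "rVq9#kL2pZx!mN4w",
}

if __name__ == "__main__":
    for site, pw in SAMPLE_VAULT.items():
        problems = check_password_policy(pw) or ["passes checklist"]
        print(f"{site}: {', '.join(problems)}")
    print("reused across:", find_reused_passwords(SAMPLE_VAULT))
    print("replacement candidate:", generate_password())
```

Run it as a script to see which sample entries fail the checklist and which sites share a credential; the generated replacement is different on every run because it comes from the secure random source rather than from a fixed seed.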
Why is Compliance Important?
GDPR compliance is not optional in the EU; it is mandatory by law. One consequence of non-compliance could be a data breach, for which your organisation will be held accountable. Breaches can have substantial effects on the individuals whose data is breached, including emotional, physical and material damage, as well as loss of rights and freedoms. Additionally, a data breach could have crippling effects on your business. The UK's data protection regulatory body, the Information Commissioner's Office (ICO), is capable of issuing fines of up to €20 million or 4% of your annual turnover, whichever is greater. High profile breaches can also tarnish the reputation of organisations and lose them vital trade and profit. Data protection training gives staff the vital data protection skills and knowledge needed to protect your business from a breach.