GDPR – General Data Protection Regulation
What is GDPR?
GDPR (General Data Protection Regulation), also known as ‘EU 2016/679’, is an update to the current data protection directive, which is now somewhat outdated. The existing directive came into effect in 1995 and was labelled 95/46/EC.
- It is quite simply a regulation enforced by the European Parliament on EU (European Union) member states for the handling of data. It also applies to those who process the data of individuals based within the EU.
- The new ‘EU 2016/679’ regulation was first published in the EU Official Journal on 4th May 2016, and 20 days later it entered into force. The applicable date on which the regulation takes over from its predecessor is 25th May 2018.
- Due to GDPR being a “Regulation” and not a directive, provisions are directly applicable in EU member states and they will not need to translate it into their own laws.
- This regulation has gone through four years of preparation and debate before it was finally approved by the European Parliament.
- Organisations who have not adopted the new GDPR or are still in a non-compliant state will face heavy fines.
- Due to its ‘extra-territorial scope’, all jurisdictions have to understand, and comply with, GDPR if they wish to do business with EU member states. These territories will need to become GDPR equivalent.
Midshore recently held a seminar at the Guernsey Digital Greenhouse introducing GDPR to those who attended and the possible impacts it may have in Guernsey.
What are its objectives?
The GDPR's primary objectives are:
- Give EU citizens back control of their personal data
- Simplify the regulatory environment for international business by unifying it
To achieve this, the new regulation has to heavily account for “the internet” and the way we use handheld devices, as the internet was in its infancy when 95/46/EC was written.
The regulation does not apply to B2B – it is for the individual.
Who will GDPR apply to?
The definitive list is quite simple:
- Controllers or processors established in the EU
- Controllers or processors not established in the EU but offering goods or services to clients within the EU
- Any businesses wishing to do business with a ‘data subject’ (individual) who is based in the EU
Guernsey's approach to GDPR
Falling under the “extra-territorial scope”, Guernsey does need to act to ensure we are able to continue working with EU businesses & individuals. To achieve this, the States of Guernsey (SoG) are currently finalising and amending their own equivalent version of the GDPR.
A worst-case scenario of being found non-compliant and therefore blacklisted is not an option for Guernsey, so this proactive approach by the SoG is welcomed. There will be a high level of engagement with the EU, alongside Jersey, to ensure requirements are fully met and our approved status remains unchanged.
Guernsey's version will be heavily based on the EU version, so until a final version is released it would be good practice to align your business procedures to the EU GDPR.
Midshore will be offering full consultation and training on how to deal with GDPR. Shortly we will be releasing training videos on our upcoming online training platform to help you familiarise yourself with GDPR and its impact on your business.
We are always happy to discuss any other requirements, questions or similar. Please contact us for further information.
Midshore’s Christopher Jehan has recently accepted the role of Chairman of the Association of Data Protection Officers. www.adpo.co.uk
GDPR Info Pack
Shortly Midshore Consulting will be releasing a GDPR info pack including:
- Key changes
- How to prepare
- 12 steps to GDPR equivalence