
GDPR – General Data Protection Regulation

1. GDPR – General Data Protection Regulation

The General Data Protection Regulation (GDPR) is an updated set of regulations approved by parliament in April 2016 and validated in all EU languages in May 2016; it was then enforced across the EU on May 25th 2018.

1.1 Fines

Since the introduction of GDPR, many companies have changed how they process data to ensure they remain compliant with the new rules and regulations. Failure to follow these rules can result in huge fines that companies should aim to avoid. Companies that break these rules face fines that depend on the severity of the violation: up to 20 million Euros or 4% of the company's global earnings for the preceding fiscal year, whichever is greatest. That is the worst-case scenario. For those who face minor charges, the bill can still be up to 10 million Euros or 2% of their global turnover.

Companies that become GDPR compliant do so not just to avoid huge fines, but also so that they can set up safeguards that increase customers' trust in the company and prevent disruption to their business. Businesses that fail to protect their customers' data and are the target of a data breach must notify data protection authorities within 72 hours of its discovery. This is where the fines come into play, and they are a huge incentive for companies to guarantee compliance with GDPR.

1.2 Amendments

There are areas within GDPR that have been introduced since it replaced the Data Protection Act 1998 (DPA)/Data Protection Directive 1995. The principles are: Lawfulness, fairness and transparency; Purpose limitation; Data minimisation; Accuracy; Storage limitation; Integrity and confidentiality (Security); and Accountability. These principles should be at the core of processing personal data within companies. The table below shows the GDPR principles as they have changed from DPA 1998.

| GDPR 2018 | DPA 1998 |
| --- | --- |
| Principle (a) – Lawfulness, fairness and transparency | Principle 1 – Fair and lawful |
| Principle (b) – Purpose limitation | Principle 2 – Purposes |
| Principle (c) – Data minimisation | Principle 3 – Adequacy |
| Principle (d) – Accuracy | Principle 4 – Accuracy |
| Principle (e) – Storage limitation | Principle 5 – Retention |
| No principle – Separate provision in Chapter III | Principle 6 – Rights |
| Principle (f) – Integrity and confidentiality | Principle 7 – Security |
| No principle – Separate provisions in Chapter V | Principle 8 – International transfers |
| Accountability principle | No equivalent |
