GDPR is nearly here

Most people will now have received a large number of emails from organisations pointing out new privacy policies and/or asking people to ‘opt in’ or resubscribe to promotional material and emails.

The reason for this is the impending introduction on 25 May 2018 of the General Data Protection Regulation (GDPR), which is a new EU regulation on data protection. It affects everyone who does business with EU citizens and will affect businesses of all sizes. The Regulations deal with the holding and processing of personal data of Europeans.

The new Regulations will mean:

- Genetic and biometric information will be included in the definition of ‘sensitive data’
- Explicit consent may be required before someone’s data can be transferred outside the EU
- Consent will be harder to obtain and can be withdrawn at any time
- A new “right to be forgotten” could allow someone to request that content they are linked to is removed
- Using personal data must comply with one of six principles and an organisation must be able to demonstrate how it is complying
- A user’s IP address may be classified as ‘sensitive personal data’
- More information must be included in a privacy notice
- Companies may be required to appoint a data protection officer
- Breaches of data protection must be reported within certain time limits, usually between 24-72 hours
- Supervisory authorities (like the Information Commissioner’s Office) can issue fines of up to 4% of global annual turnover for data breaches

If you have not yet considered the impact of GDPR on your business, then you need to do so!

To discuss this or any other company/commercial matter, contact us.