Like it or not, GDPR is going to impact all companies. As an example, consider the amount of personal data you hold on just your employees and LOSCs!
GDPR came into force in May 2016 with a two-year transition period, becoming enforceable from 25 May 2018. The principles are very similar to those of the EU Data Protection Directive; however, the GDPR contains a number of changes, including:
- Enhanced documentation to be kept by data controllers
- Enhanced privacy notices
- More prescriptive rules on what constitutes consent
- Mandatory data breach notification requirements
- Enhanced data subject rights
- New obligations on the data processor
- Expanded territorial scope
- Appointment of Data Protection Officers
- A significant increase in the size of fines and penalties
3 May 2018 – 22 days to GDPR enforcement
As part of GDPR you must document your processing activities and maintain records on several things such as processing purposes, data sharing and retention.
FIS is currently reviewing its Privacy Notice. We are looking at the data we gather through our website and content management system, analytics and cookies.
What should you include in your Privacy Notice?