EU General Data Protection Regulation (GDPR) and you!
You may have heard whispers of a change to the Irish Data Protection Acts recently in the Irish Media, but switched off before you could figure out what it is all about, we have taken out the legal jargon and simplified the key points for you:
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new piece of legislation which will become law in Ireland and all EU member states and will replace our current Irish Data Protection Regulations. Its aim is to provide one set of Data Protection Regulations for all 28 EU member states rather than having 28 different sets of rules across the European Union.
When will the GDPR come into force?
The GDPR will come into effect across Europe on the 25th of May 2018
What are the major changes?
The new regulations will give you, the consumer greater control over how your personal data is handled with the aim of helping to improve digital trust in the European Economy.
Why is it relevant to me?
The GDPR aims to protect your data and the way it is used by companies or people that have access to it. The main changes are:
- The right to know when your data has been hacked: Companies and organisations must notify the national supervisory authority of data breaches which put individuals at risk and communicate all high-risk breaches as soon as possible to the person affected so that users can take appropriate measures.
- The Right to be forgotten (Right to erasure): A data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.
- The Right to restriction of processing: A data Controller will have to ensure that they have the specific authority to use a person’s data for a specific purpose.
- The Right to Compensation and Liability: A person who has suffered material or non-material damage as a result of an infringement of the Regulation shall have the right to receive compensation from the company/person handled their data for the damage suffered.
- A person can request access to their data and this will be free once the Regulation is in force (the current charge is €6.35) and the request must be complied with within a period of 30 days (currently 40).
It is your right to know who has your data, how it is handled and for what reason, while the new legislation will not be coming into effect until May 2018 – there is still some time for you to familiarise yourself with these coming changes.