
The Generalised Data Privacy Regulation (GDPR), European Union (EU) - Science/Technology - Nairaland


The Generalised Data Privacy Regulation (GDPR), European Union (EU) by MoneyMattersNG: 12:54pm On Jun 08, 2018
This is a legal framework that sets guidelines regarding the collection and processing of the personal data of individuals within the European Union (EU). It is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU states. The General Data Protection Regulation (GDPR) (EU) 2016/679 is designed to protect natural persons with regard to the processing of personal data and on the free movement of such data. It is the result of cries from firms, operations and individuals concerning the breach of their personal data and its unauthorized use in the public domain. It also addresses the export of personal data outside the EU and European Economic Area (EEA).
The GDPR, which is the result of the mutually agreed European General Data Protection Regulation (GDPR), will come into force on the 25th of May 2018.
WHAT IS PERSONAL DATA?
Legally, personal data refers to any information relating to an identified or identifiable individual. An identifiable individual is someone who can be identified directly or indirectly, in particular by reference to an identification or social security number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, like name, first name, date of birth, biometrics etc.
WHAT CONSTITUTES A BREACH OF DATA/DATA PROTECTION?
This is a confirmed happening, incident or situation in which sensitive, confidential or protected data has been accessed or disclosed without the required level of authorization.
A SUMMARY OF THE GENERAL DATA PROTECTION REGULATION (GDPR) FOR BUSINESSES
After years of painstaking research, consultation and implementation, the GDPR is set to come into play for businesses at all levels. Companies, firms and corporations are supposed to key into this legislation and ensure its implementation to the fullest. Its effective date for kick-off is the 25th of May 2018. There are tougher fines and strict sanctions for firms that do not comply with this regulation.
Overview
The GDPR is built around two key principles, and they are:
1. Giving citizens and residents more control of their personal data
2. Simplifying regulations for international businesses with a unifying regulation that stands across the European Union (EU)
The GDPR will apply to any business established in the EU and may apply to companies based outside of the EU that process the personal data of EU citizens in certain circumstances.
SUMMARY OF THE GDPR AS IT CONCERNS BUSINESSES
The summary of the GDPR as it concerns businesses is outlined below:
• Businesses whose activities involve ‘regular or systematic’ monitoring of data subjects on a large scale (in other words, processing extensive personal information), or which involve processing large volumes of ‘special category data’, must employ a Data Protection Officer (DPO). Their role will be to ensure the company complies with the obligations under the GDPR. They’ll also be the contact for any data protection queries.
• The GDPR may apply to any business that processes the personal data of EU citizens, including those with fewer than 250 employees (contrary to common misunderstanding).
• Serious breaches (that is, any breach which has an impact on the rights of data subjects) must be reported to the regulator (in the UK this is the Information Commissioner’s Office (ICO)). This should be within 24 hours where possible, but at least within 72 hours, and the report must include information regarding what led to the breach, how it is being contained and planned next steps.
• Individuals will have more rights on how businesses use their data. In some instances, they have the ‘right to be forgotten’ if they no longer want you to process their personal data and you have no other legal grounds (for example, the individual is no longer a customer, so your contract with them no longer gives you a legal right) to keep the data.
• Failure to comply will result in harsher penalties. Currently, the ICO can fine up to £500,000, but the GDPR will allow fines of up to €20 million or four per cent of annual turnover, whichever is higher.

GDPR CHECKLIST FOR SMALL BUSINESSES

Remember, your checklist needs to take into account past and present employees and suppliers as well as customers (and anyone else whose data you’re processing, which includes collecting, recording, storing and using the personal data in any way).
1. Know your data. You’ll need to demonstrate an understanding of the types of personal data (for example name, address, email, bank details, photos, IP addresses) and sensitive (or special category) data (for example health details or religious views) you hold, where they’re coming from, where they’re going and how you’re using that data.
2. Identify whether you’re relying on consent to process personal data. If you are (for example, as part of your marketing), these activities will become more difficult under the GDPR because the consent needs to be clear, specific and explicit. For this reason, you should avoid relying on consent unless absolutely necessary.
3. Look hard at your security measures and policies. You’ll need to update these to be GDPR-compliant, and if you don’t currently have any, get them in place. Broad use of encryption could be a good way to reduce the likelihood of a big penalty in the event of a breach.
4. Prepare to meet access requests within a one-month timeframe. Subject Access Rights are changing, and under the GDPR, citizens have the right to access all of their personal data, rectify anything that’s inaccurate and object to processing in certain circumstances, or completely erase all of their personal data that you may hold. Each request carries a timeframe and deadline of one month (which can only be extended in mitigating circumstances), from the original date of request.
5. Train your employees, and report a serious breach within 72 hours. Ensure your employees understand what constitutes a personal data breach and build processes to pick up any red flags. It’s also important that everybody involved in your business is aware of a need to report any mistakes to the DPO or the person or team responsible for data protection compliance, as this is the most common cause of a data breach.
6. Conduct due diligence on your supply chain. You should ensure that all suppliers and contractors are GDPR-compliant to avoid being impacted by any breaches and consequent penalties. You’ll also need to ensure you have the right contract terms in place with suppliers (which puts important obligations on them, such as the need to notify you promptly if they have a data breach). See ‘How can I check my suppliers are GDPR-compliant?’ further down.
7. Create fair processing notices. Under GDPR, you’re required to describe to individuals what you’re doing with their personal data.

https:///X4vFHs

cc: lalasticala
