The GDPR (General Data Protection Regulation) is an important piece of EU legislation that came into effect on the 25th May 2018. The GDPR replaces the 1998 Data Protection Act and is designed to strengthen and unify data protection laws for all individuals within the EU.
At GetRAM we are committed to protecting your privacy and to remaining compliant with the latest regulations.
If you would like to know more about the GDPR, we have summarised the important bits below, and you can find all the specifics on the Information Commissioner’s Office website.
More control for individuals
The GDPR provides expanded rights for individuals in the EU by granting them the right to be forgotten and to request a copy of their personal data.
Transparency and privacy notices
Organisations must be clear and transparent about how personal data is going to be processed, by whom and why.
Obtaining valid consent
There are stricter rules for obtaining consent, which means, among other things, that pre-ticked boxes and inactivity will no longer suffice as consent.
You must identify and document the lawful basis for any processing of personal data.
The GDPR requires organisations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
Data transfers outside the EU
The transfer of personal data outside the EU is only allowed to designated countries, those complying with an approved certification mechanism (e.g. Privacy Shield) or through model contracts or binding corporate rules.
Data breach notification & security
The GDPR requires organisations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organisations.
Data protection officer (DPO)
The appointment of a DPO is mandatory for some organisations.
Data protection by design and by default
There is a requirement to build effective data protection practices and safeguards from the very beginning of all processing.