What you need to know about GDPR

Published on the 29/05/2018 | Written by Paul Matthews


GDPR went live on 25 May - but how does it affect you?

So what’s all the fuss about? It’s actually a really significant change to the rules around personal data, and it really does affect you.

Here’s a quick summary:

  • The EU says the changes attempt to “harmonize data privacy laws across Europe, protect and empower all EU citizens data privacy and reshape the way organisations across the region approach data privacy.”
  • One of the more controversial impacts of the new rules, and the reason it has such a world-wide impact, is what they call the “extra-territorial applicability”. This means that it applies to all companies worldwide who are dealing with information about people residing in the EU, even those simply offering goods or services to EU citizens. It hits everyone and it’s huge.
  • One of the key changes is around consent. Basically if a company is going to store or process personal data such as names, email addresses and the like, it needs to have explicit consent. The small print in the middle of a 10-page “terms and conditions” isn’t enough – it has to be in complete plain English.
  • The method of consent has to be recorded as well and proper records kept. This is significant – for example, if you have a mailing list you need to be able to show when people opted in and how.
  • The fines are huge too. Companies can be fined up to 4 percent of their annual global turnover for breaches, with big fines for even seemingly minor issues.
  • Companies must now also tell people if they’ve had a breach. We’ve seen a heap of this lately – people’s information being stolen and companies keeping it quiet to try to avoid reputation damage. Do that now and it could cost 2 percent of global revenue.
  • Other changes are familiar to Australians, such as the right to obtain any information that is being held about them.
  • There’s heaps more as well, such as the controversial “right to be forgotten”. This basically gives EU citizens the right to have Google, for example, remove references to them on searches. And again, the rules apply globally – not just to EU companies.
  • The new rules also put into law the concept of “Privacy by design” for software developers. Basically software developers have to show they’ve built privacy into software from the ground up, not just tagged it on in the end. This has been a long time coming.

So there are some really important things to think about from an IT professional’s perspective as well, even if you’re not based in the EU.

View the full regulations here


About Paul Matthews

Paul Matthews is chief executive of the Institute of IT
