Firms in the EU now hold more data than ever about consumers and service users. Every day more and more data is collected and stored; however, consumers are not always aware of what their data is being used for. New data protection rules are being introduced across the EU to give consumers more protection over the way that their data is used and stored. If your company collects and stores any personal data, you will be affected by the General Data Protection Regulation (GDPR).
Controlling data at a company
As part of the new GDPR rules, any company that holds a data licence must nominate a responsible person to oversee data compliance within the company. They may hold this role alongside other responsibilities within the company. The nominated data controller can be held accountable for data breaches, even if the breaches were committed without the knowledge of the controller. Any data breaches may result in sanctions, including large fines. These fines can be up to 20,000,000 EUR or 4% of the annual turnover, depending on the size of the company. The nominated controller may also face individual sanctions.
The Public Right to Data
Members of the public have the right to find out what data is being held about them by a company. This data must be provided to them within a reasonable timeframe if they request it. Compiling all of this data can be time-consuming, as each piece of data must be vetted to ensure that it does not breach any other user's right to privacy.
Should I hire a specific Data Protection Officer?
The new regulations being introduced are very complicated. Without extensive legal knowledge it can be hard to understand whether a firm is compliant or not. However, failure to comply could lead to a serious data breach. A new Data Protection Officer should have a sound knowledge and understanding of the enforcement of the EU Data Protection Regulation. They will be able to dedicate more time towards making sure that the company is compliant. If you are concerned about the way that your company handles personal data, you are advised to hire an external or dedicated Data Protection Officer.