WHO IS RESPONSIBLE FOR THE DATA I COLLECT?
A Data Controller decides how and why personal data is processed. A Data Processor carries out that processing on the controller's behalf. Under the GDPR, processors take on direct obligations they did not have under the old Data Protection Act: specific rules to follow, records of processing to keep, and legal liability of their own. Controllers, in turn, come under more pressure to make sure that everyone who processes data for them complies, and to be able to show it.
WHAT SORT OF PUNISHMENT IS LIKELY?
The financial penalties for non-compliance are higher than for the old Data Protection Act. There’s an upper limit of €20 million or 4% of your annual global turnover, whichever is greater. The authorities can also:
- Issue warnings
- Carry out audits
- Demand that you fix things within a strict deadline
- Demand you erase data
- Stop data transfers to other countries
- Apply these powers to data controllers and data processors alike
HOW DO I MAKE SURE OUR IT SYSTEMS COMPLY?
The more complex your systems are, the more work it may take to make sure they support every aspect of business-wide compliance. Your first step is to start thinking about the GDPR now, so that your company has the time it needs to get ready. Unless you are fully confident you can handle it in-house, your second step is to find someone you can trust to review and overhaul your IT.