It Is Critical That Businesses on Montserrat Adhere to New GDPR Guidelines: Factsheet

Author

MNI Media

Release Date

Friday, May 25, 2018


The General Data Protection Regulation comes into effect on Friday May 25th, 2018! It is important that organisations and companies that use the personal data of their users are compliant with the new GDPR guidelines.

MNI Media presents a brief guide on why it is important for Montserrat to be GDPR ready.

In addition, Miss Loni Howe, ICT Coordinator in the Ministry of Communications, Works, Energy and Labour (MCWEL), presents some tips on why this is important.


GDPR: What is it?
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).

The GDPR replaces the 1995 Data Protection Directive. So, what’s changed since the previous regulation?

Well, that was 1995. A lot has changed since then but here are the key points:
  • The world is getting smaller and companies all over the globe may hold some sort of data on EU nationals. Official line: ‘It applies to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not’.
  • Penalties are steeper with maximum fines of up to 4% of annual global turnover or €20 Million – whichever is greater!
  • Consent has been made stronger. Opt-ins need to be clearer and opt-outs need to be easier.

When is this happening?
The GDPR comes into effect on May 25, 2018.

Who does it apply to?
Any businesses within the European Union AND outside the EU if they offer products or services to, and hold personal data on, EU nationals.

Why do we need it?
We’re living in a digital, data-driven world and need protection from data breaches, especially as lots of companies hold all kinds of personal data.

What about Brexit?
The UK government has recognized that it will still be part of the EU when the General Data Protection Regulation (the “GDPR”) comes into effect on May 25, 2018.[2] The UK has stated that it will comply with the GDPR, and that its compliance will not be affected by Brexit.[…

Can I be fined for non-compliance?
Yes. Fines are very hefty: up to 4% of annual global turnover or a maximum of €20m.

What is personal data?
Any information held about an individual that identifies them.

What is a data controller?

Someone who keeps and processes data and information about an individual.

Data Subject Rights
You have 72 hours. You must notify individuals and controllers as soon as you are aware of a data breach that poses a risk to the freedom and rights of an individual. This is mandatory.

Individuals can contact a data controller for confirmation of whether their personal data is being held and how it is being used. This needs to be provided to the individual electronically and FREE of charge!

Please delete me! Also known as the right to be forgotten. Individuals can request to have a data controller erase their personal data, stop sharing their data and potentially have third parties stop processing data.

Individuals can move their data. Known as portable data, it gives an individual the right to receive their personal data which they have previously provided and move it to another controller.

You’re ready for the GDPR but you realize that the form on your website doesn’t have the right legal notice or opt-in section. Make sure controllers set up appropriate technical and organizational measures straight away, not as an afterthought… It could damage all that arduous work you put in!

You don’t need my life story. Controllers must only hold and process data necessary for the completion of their duties. Individuals are not going to want to give you their home address and shoe size just to download your latest blog!

Who is responsible then?
A Data Protection Officer or DPO will need to be appointed for controllers and processors whose activities mostly revolve around data processing and monitoring, with internal record keeping becoming mandatory. Your DPO can be an internal or external employee but importantly they must be:
  • An expert on data protection law and practices
  • Given appropriate resources and training to do their job properly
  • Reporting directly to top level management
