What you need to know about GDPR

Published on the 29/05/2018 | Written by Paul Matthews

GDPR went live on 25 May – but how does it affect you?

So what’s all the fuss about? It’s actually a really significant change to the rules around personal data, and it really does affect you.

Here’s a quick summary:

  • The EU says the changes attempt to “harmonize data privacy laws across Europe, protect and empower all EU citizens data privacy and reshape the way organisations across the region approach data privacy.”
  • One of the more controversial impacts of the new rules, and the reason they have such a worldwide impact, is what they call “extra-territorial applicability”. This means the rules apply to all companies worldwide that deal with information about people residing in the EU, even those simply offering goods or services to EU citizens. It hits everyone and it’s huge.
  • One of the key changes is around consent. Basically, if a company is going to store or process personal data such as names, email addresses and the like, it needs to have explicit consent. The small print in the middle of a 10-page “terms and conditions” isn’t enough – it has to be in completely plain English.
  • The method of consent has to be recorded as well and proper records kept. This is significant – for example, if you have a mailing list you need to be able to show when people opted in and how.
  • The fines are huge too. Companies can be fined up to 4 percent of their annual global turnover for breaches, with big fines for even seemingly minor issues.
  • Companies must now also tell people if they’ve had a breach. We’ve seen a heap of this lately – people’s information being stolen and companies keeping it quiet to try to avoid reputation damage. Do that now and it could cost 2 percent of global revenue.
  • Other changes are familiar to Kiwis, such as the right to obtain (free of charge) any information that is being held about them. That’s been a part of NZ’s Privacy Act for a long time, although the EU law goes further.
  • There’s heaps more as well, such as the controversial “right to be forgotten”. This basically gives EU citizens the right to have Google, for example, remove references to them from searches. And again, the rules apply globally – not just to EU companies.
  • The new rules also put into law the concept of “privacy by design” for software developers. Basically, software developers have to show they’ve built privacy into software from the ground up, not just tacked it on at the end. This has been a long time coming.

So there are some really important things to think about from an IT professional’s perspective as well, even if you’re not based in the EU.

View the full regulations here


Paul Matthews is chief executive of the Institute of IT

