The GDPR (General Data Protection Regulation) will take effect in every EU member state on 25th May 2018 and will affect every organisation that collects or handles data relating to EU residents.
Failure to meet the requirements could turn out to be expensive – up to 4% of annual global turnover or €20 million, whichever is greater. The data controller is responsible for demonstrating that the organisation complies with the six principles outlined in Article 5 of the GDPR:
Personal data must be:
and can only:
These six principles are at the heart of the Regulation, but it’s important to consider other areas, including: consent and documentation of consent, lawful processing, controller/processor contracts, the data protection officer (DPO), accountability and the board, and how to respond to data breaches.
There has to be a legitimate reason for collecting data. This should be made clear in the organisation’s GDPR Policy.
If you consider that a breach has taken place, then you need to report it to the ICO within 72 hours. This may result in a fine, civil and/or criminal action.
At Nayyars, all of our data is collected and used in a compliant manner. We take privacy very seriously and will only use your personal information to update you on your file and also to provide you with news about our legal services. We will NOT share your personal information with any third party companies.
New Claims Team