What is The General Data Protection Regulation (GDPR)?
GDPR stands for the General Data Protection Regulation. The GDPR is the new European Union (“EU”) law that regulates the personal data of individuals in the EU. It will replace the EU Data Protection Directive, the EU’s current privacy law, which has been in place since 1995. The GDPR harmonises data protection law across Europe and introduces sweeping changes that require companies to make significant updates to their privacy and security policies and practices.
When will the law come into force?
The GDPR will become enforceable on May 25, 2018. From that date, we are legally required to comply with the GDPR.
What does the GDPR apply to?
GDPR applies to the personal data of individuals in the EU. Personal data is defined as any type of information that identifies or can be linked to an individual. In addition to the usual types of personal data, such as name, address and phone number, this definition can also include information such as an IP address or device identifier. The GDPR requires us to handle personal data in specific ways and gives individuals new rights related to the processing of their personal data, among other obligations.
Our GDPR plans
The Institute of Export & International Trade has robust plans to comply with the European Commission’s replacement law for the Data Protection Directive 95/46/EC, the General Data Protection Regulation (“GDPR”), by the enforcement date (25 May 2018).
To ensure GDPR readiness by the enforcement date, The Institute of Export & International Trade is currently:
- Educating the organisation about GDPR and its requirements.
- Conducting a GDPR gap analysis with our legal advisors.
- Documenting the personal data The Institute of Export & International Trade holds, where it came from, and who The Institute of Export & International Trade may share it with.
- Reviewing current privacy notices and making any necessary changes in time for GDPR implementation.
- Ensuring existing procedures cover all the rights individuals have under GDPR, including deleting personal data.
- Identifying our lawful basis for processing personal data, documenting it, and updating our privacy notice to explain it to individuals.
- Reviewing how The Institute of Export & International Trade obtains, records, and manages consent.
- Reviewing and updating contracts with third parties to ensure our privacy obligations are up to date.
- Ensuring the right procedures are in place to detect, report, and investigate a personal data breach.
- Creating processes for Data Protection Impact Assessments.
- Creating processes for data subject access request fulfillment.