Businesses must soon be compliant with new EU rules on data protection, as the General Data Protection Regulation (GDPR) comes into force tomorrow (25 May).
The regulation applies to those with a day-to-day responsibility for data protection.
GDPR aims to minimise the risk of security breaches, which have increased dramatically since rapid advances in technology have allowed public and private companies to make use of personal data.
Since the new rules were announced last year, veterinary practices and other businesses will have had to review the way they collect personal data and update their terms and conditions to inform clients about their data processing activities. Privacy impact assessments (PIAs) should also have been carried out on products and systems to ensure they protect data adequately.
Key changes include:
- organisations must disclose any data breaches within 72 hours
- individuals must give explicit consent for their personal data to be processed; implied consent is no longer acceptable
- individuals have the right to retract consent and request that data be erased
- individuals have the right to request data in a readable format.
Those who fail to comply with the new rules will face fines of up to €20 million, or four per cent of global turnover, whichever is greater. This will apply for serious ‘tier one’ breaches. For lesser, ‘tier two’ breaches, businesses could be fined up to €10 million or two per cent of global turnover.
To help veterinary practices ensure they are compliant with GDPR, now and in the future, a special supplement has been published online by the journal Veterinary Practice Today, in conjunction with leading IT provider, AT Veterinary Systems: http://vetpracticetoday.com/vpt-en/index_gdpr.html.