You’re fed up of hearing about GDPR, aren’t you? We understand. We’re not especially excited by it any more either (were we ever?). But it’s important, especially from today. Because today is the day that GDPR becomes law. You can’t put it off any longer!
If you still haven’t quite wrapped your head around it all, we’re here to help. We’ve boiled the confusion that is GDPR down to a few key numbers that are well worth knowing. Think of this as your crib sheet. Feel free to print it out and smuggle it into the exam room. We won’t tell.
6: The number of available lawful bases for processing personal data
These bases include:
- Consent
- Contract
- Legal obligation
- Vital interests
- Public task
- Legitimate interests
In plain English: You can’t just process data willy-nilly. You need a reason. A very good reason. One a lawyer would approve of.
£35: The amount it costs to register as a data controller
Unless your business has an annual turnover of £25.9 million and more than 249 members of staff, or you’re a public authority with more than 249 members of staff. In which case you can probably afford the £500 fee.
In plain English: You have to register as a data controller and it costs money but not very much unless you’re loaded anyway.
8: The number of rights provided for individuals under GDPR
These rights include:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure (aka The right to be forgotten)
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
In plain English: People are the boss of their own data. They can access it, change it, tell you to get rid of it – and a bunch more besides.
€20 million: The fine you could face for not complying with GDPR
Penalties for breaching GDPR can reach up to €20 million or 4% of global turnover – whichever is higher (yes, higher!).
In plain English: Getting GDPR compliant may be a pain in the backside but not nearly as much of a pain in the backside as having to fork out silly money if you don’t.
40%: The number of EU-based executives who don’t have a clue about GDPR rules
Actually the exact wording used by the Financial Times article where we read this was: “According to the consultancy EY, which surveyed 1,100 EU-based executives for its latest fraud and compliance report, almost 40 per cent said they did not know the GDPR rules even fairly well.”
In plain English: No one knows what the heck is going on. Even top people who really should. Which is worrying. But kind of reassuring too, right?
12: The number of steps the ICO suggests taking to prepare for GDPR
And by ICO we mean the Information Commissioner’s Office. In other words, the GDPR experts. They’ve even produced a handy little guide, all designed in uplifting colours with a snazzy infographic so it won’t appear as tedious as it will in fact be to action.
In plain English: Making sure you’re GDPR compliant isn’t a quick process. You will need to think about many, many things. But at least they made you an infographic.
72: The number of hours you have to report a data breach
If you don’t, you can be fined €10 or 2% of global turnover, whichever is greater. Even if you were otherwise compliant up until then.
In plain English: Even if you do everything right, if some cyber criminal cracks your code and you don’t report it quick smart, you’re still going to be out of pocket.
10%: The bare minimum you should be doing
If you can show that you have made a start in complying with the new GDPR rules – and can provide an implementation plan to get you to full compliance within a set time frame – you could reduce a potential fine.
In plain English: Making a start is better than doing nothing. You might still get fined, but it should be less. Although we still recommend avoiding a fine altogether by cracking on and making sure you’re compliant asap.
Hopefully that little run down has given you a few more facts without you having to invest an awful lot of reading time. There’s plenty more info over on the ICO website if you need it… or if you can’t sleep one night after too much Brie.
While we’ve got you, if you have any data – whether that be paper documents, hard drives or anything else – that you need to destroy in light of GDPR, we can help. Give us a call today.