1. Articles
  2. News

Are you ready for new data protection laws?

EU GDPR

As of 25 May 2018, the EU introduces new General Data Protection Regulations. It’s not just all EU members states that must comply – any company anywhere in the world that holds data for EU citizens electronically will also have to be aware of the new rules and conform to them.

What is GDPR?

GDPR stands for General Data Protection Regulation. The GDPR is an attempt to harmonise rules and boost data protection and security for European Union citizens.

When does it come into effect?

GDPR is enforceable from 25th May 2018.

What is GDPR?

Consent needs to be explicit. Citizens will be able to ask tough questions about what is happening with data held on them. This applies to “data controllers” (organisations collecting personal data, for example IPAF is deemed to be a data controller with regard to training candidates), and “data processors” (the outfits that process the data on behalf of data controllers, for example cloud service providers).

Systems will need to be retooled. Organisations will need to show that they have built in privacy to workflows and processes –for example by scrambling identity information as it is input to a system –in an approach sometimes known as Privacy by Design.

Any breach will need to be disclosed. Data controllers that experience a breach of personal data privacy will need to report it almost immediately and may also have to notify individuals affected.

Erasure becomes a universal right. Sometimes known as “the right to be forgotten”, this allows individuals to request all personal data related to them is deleted.

Who does it apply to?

GDPR is designed to protect EU citizens and as such all companies that handle EU citizens’ data will have to be aware and comply. If you or a third party you authorise to handle data on your behalf are not compliant, then hefty fines may apply – up to €20 million, or 4% of global turnover, whichever is the higher. Plus compensation for damages suffered.

What is IPAF doing to become compliant before the deadline?

Working with Caldew Consulting among other outside experts to meet new regulations ahead of time. Preparing a GDPR Readiness Assessment and Report. Undertaking comprehensive Data Mapping and Data Privacy Impact Assessment and drawing up a new Privacy Compliance Framework.

Should my company be addressing GDPR yet?

Risking a wait and see approach is not recommended, the penalties for non-compliance will be very high, both in terms of fines and reputational damage. IPAF highly recommends all member companies to take steps to become compliant before the deadline and if needs be consult a data protection specialist to check you are ready for the changes ahead.

Other news you might be interested in

  • News

    IPAF ElevAÇÃO returns for 11th edition

    The International Powered Access Federation (IPAF) returns to Brazil for IPAF ElevAÇÃO 2024, now in its 11th edition. The event will take place from May 8th to May 9th at Hotel Terras Altas, located in Itapecerica da Serra within the São Paulo metropolitan region.

  • News

    IPAF supports NFF No Falls Week

    The International Powered Access Federation (IPAF) proudly supports the upcoming No Falls Week initiative, taking place from 13th May to 17th May. No Falls Week is a campaign dedicated to raising awareness about the importance of safe working at height practices across various industries.