Are you ready for new data protection laws?


As of 25 May 2018, the EU introduces new General Data Protection Regulations. It’s not just all EU members states that must comply – any company anywhere in the world that holds data for EU citizens electronically will also have to be aware of the new rules and conform to them.

What is GDPR?

GDPR stands for General Data Protection Regulation. The GDPR is an attempt to harmonise rules and boost data protection and security for European Union citizens.

When does it come into effect?

GDPR is enforceable from 25th May 2018.

What is GDPR?

Consent needs to be explicit. Citizens will be able to ask tough questions about what is happening with data held on them. This applies to “data controllers” (organisations collecting personal data, for example IPAF is deemed to be a data controller with regard to training candidates), and “data processors” (the outfits that process the data on behalf of data controllers, for example cloud service providers).

Systems will need to be retooled. Organisations will need to show that they have built in privacy to workflows and processes –for example by scrambling identity information as it is input to a system –in an approach sometimes known as Privacy by Design.

Any breach will need to be disclosed. Data controllers that experience a breach of personal data privacy will need to report it almost immediately and may also have to notify individuals affected.

Erasure becomes a universal right. Sometimes known as “the right to be forgotten”, this allows individuals to request all personal data related to them is deleted.

Who does it apply to?

GDPR is designed to protect EU citizens and as such all companies that handle EU citizens’ data will have to be aware and comply. If you or a third party you authorise to handle data on your behalf are not compliant, then hefty fines may apply – up to €20 million, or 4% of global turnover, whichever is the higher. Plus compensation for damages suffered.

What is IPAF doing to become compliant before the deadline?

Working with Caldew Consulting among other outside experts to meet new regulations ahead of time. Preparing a GDPR Readiness Assessment and Report. Undertaking comprehensive Data Mapping and Data Privacy Impact Assessment and drawing up a new Privacy Compliance Framework.

Should my company be addressing GDPR yet?

Risking a wait and see approach is not recommended, the penalties for non-compliance will be very high, both in terms of fines and reputational damage. IPAF highly recommends all member companies to take steps to become compliant before the deadline and if needs be consult a data protection specialist to check you are ready for the changes ahead.

Other news you might be interested in

  • Around 300 industry professionals gathered on 8 March 2018 in Miami, USA, to honour the winners of the International Awards for Powered Access (IAPAs). Jointly organised by Access International and IPAF, the IAPAs celebrate best practice and excellence in the powered access industry.

    Those assembled at the Hilton Miami Downtown were also the first to learn that the next edition of the awards ceremony will be held in Dubai, UAE.

  • The International Powered Access Federation (IPAF) has experienced another year of global growth, seeing membership rise by 6.6% year-on-year, a 7.8% increase in turnover and global training delivery up by around 4%, according to the Annual Report 2017, published today in eight languages including for the first time in Chinese.

  • Places are filling up fast at for the International Powered Access Federation (IPAF) Summit and the International Awards for Powered Access (IAPAs) celebration dinner, to be held at the Hilton Miami Downtown in Florida, USA, on 8 March 2018. The theme for the Summit is “Quantifying Sustainability”.