Computer Security Technology Ltd

+44 (0)20 7621 7836

July 19, 2017

With so much noise being created around the General Data Protection Regulation (GDPR), it can be hard to separate fact from fiction.

We at CST are always here to make things simple and help you cut through all the technology and vendor messages. No matter what you hear, no single vendor can ensure you are GDPR compliant. In fact, there is no mention of technology at all in the regulation (other than encryption!). Much of a company’s ability to demonstrate compliance will be based on people and process.

That said, please find below a list of our Frequently Asked Questions.

What date does the GDPR come into effect?

  • 25th May 2018

How many principles does the GDPR have?

  • 6

What percentage of the ICO (the Information Commissioner's Office, which is responsible for policing GDPR compliance) will be funded by fines?

  • 100%

Who does GDPR apply to?

  • Any organisation that handles PII (Personally Identifiable Information) in Europe

In what time frame does an organisation have to notify the ICO if they have been breached?

  • 72 hours

What percentage of global turnover and € amount will an organisation be fined for a failure of compliance?

  • 4% or €20m

What percentage of global turnover and € amount will an organisation be fined for a lack of process?

  • 2% or €10m

What regulation does the GDPR replace?

  • The Data Protection Act

Approximately how many pieces of PII does an organisation have to handle to be classed as a large enterprise?

  • 5000

If you are classed as a large enterprise, what must you have in place?

  • A DPO (Data Protection Officer)

If you have any further questions that are not covered here, please get in touch with the team today on 0207 621 9740 or email info@cstl.com