The Knowledge Academy Logo
The Knowledge Academy Logo
+61 1-800-150644 - Available 24/7

Send us your message.


What is the GDPR?

The General Data Protection Regulation (GDPR) is a new legislation that will be enforced on May 25th 2018 by the European Parliament - it replaces the current EU Directive 95/46/EC. The GDPR will ensure that businesses adhere to thorough data protection requirements that are secure, responsive, and designed to give EU citizens more legal rights.


The development of the GDPR is the first revision to data protection laws in 20 years - it replaces the outdated EU Directive 95/46/EC that has not kept up with the initiation and development of the “internet age”. The regulation aims to protect EU citizens from security breaches revealing their personal data, whilst ensuring that any data processing concerning any natural persons is lawful, fair, and within the predetermined scope agreed when consent was given. Any deviations from the regulations set out within GDPR will be subject to substantial fines that can reach €20m or 4% of annual worldwide turnover.


The new statutory obligation givens citizens new rights, such as the ‘Right to be Forgotten’ which allows them to have their Personal Identifiable Information deleted by an organisation holding personal data on them - this must be completed within a month time-frame. Hence, businesses must be responsive to subject access requests and ensure that they have a system in place that is suitable, accurate, and manageable.


The instigation of the GDPR will reduce the probability of security breaches occurring if appropriate governance measures are put in place that adhere to the regulation’s stringent articles. Privacy impact assessments and privacy by design are fundamental to the success of an orchestrated compliance programme, hence must be central to an organisation’s data protection procedure and are emphasised throughout our GDPR training courses.


The GDPR will apply to all organisations storing and processing data belonging to EU citizens, regardless of the company’s worldwide geographical location - this includes third-party storage and cloud services. For example, The Knowledge Academy has offices with shared data storage, in the UK and in several worldwide locations that are exterior to the EU. The offices exterior to the EU are still required to have compliance mechanisms in place due to storing personal data belonging to EU citizens.


Key Points of the GDPR

  • Those non-compliant with the General Data Protection Regulation will face a fine of up to €20m or 4% of annual worldwide turnover - whichever is greatest

  • If a data breach occurs you must notify the Supervisory Authority within 72 hours of discovering the breach

  • EU citizens must give their consent to data processing and now have new rights, including the right to have their data erased, to move their data to another organisation (portability), and the right to object to all forms of data processing

  • Privacy Impact Assessments will become mandatory for large, complex, and high-risk data processing activities

  • Businesses must demonstrate compliance with the GDPR’s Privacy by Design concept - this can be achieved through delineating the steps taken to ensure that Data Subjects cannot be identified and that the storage method is sufficient and capable of resisting security breaches

Click here to view what GDPR training we can provide you with to enhance your knowledge further