The regulation takes effect in the 28 EU Member Countries, which include the United Kingdom. Therefore, Montserrat and other British Overseas Territories will now also have to comply with the EU-GDPR.
The GDPR is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU) and replaces the 1995 Data Protection Directive. The regulation applies to any business, within the European Union or outside it, that offers products and services to, and holds personal data on, EU nationals.
As this new regulation takes effect, the Ministry of Communications, which is responsible for the implementation of the National ICT Policy and Strategy, said it is important for business owners on Montserrat to familiarise themselves with this new regulation and to take the necessary steps to be compliant.
The GDPR identifies 6 steps to compliance. They are:
1. Creating a data inventory
2. Privacy Notices – Review privacy notices to ensure service users and employees are fully informed about data use.
3. Customer Consent – Review how you seek, obtain and record consent.
4. Customer Rights – How will you record and action new customers’ requests for deletion, access and data portability?
5. Data Breaches – How will you prevent, detect and investigate breaches and inform the authority and users?
6. Data Protection Officers & Privacy by Design – Assess your data protection requirements to ensure privacy is a central part of all future projects.
Companies that do not comply can face hefty fines of up to 4% of annual global turnover or up to 20 Million Euros.
For more information, log on to the United Kingdom Government’s Information Commissioner’s Office website, https://ico.org.uk/. This office is responsible for the dissemination of GDPR information and its implementation.