25th May 2018 – a date you need to add to your diary as this is when the European Union’s General Data Protection Regulation (GDPR) comes into force.
So what is GDPR?
GDPR is a new set of rules on privacy and data security for users' information, intended to give individuals more control. GDPR applies to all companies that hold data on any EU residents, including companies outwith Europe, and Brexit will have no impact on this for companies in the UK. If you have EU resident data in your system, you need to make sure you are complying with all updated rules in this policy or you could be faced with strict penalties and fines.
How you can prepare
Things to consider:
- If you know where and how you collect your data, it is much easier to know how to comply with any rules and regulations. So familiarise yourself with where and how you get your data.
- Old data? It’s time to consider how to manage information you have collected that may not be relevant or required anymore. Archiving the data could still put you at risk so
- Make staff aware; take time to train your employees to understand what the new regulations are and the policies that they need to adhere to.
- Plan ahead; ensure that you have a plan if there are any potential data breaches. Companies have a responsibility to their users to inform the relevant authority within 72 hours of identifying any threats.
A recent study of UK businesses shows that only around 25% are prepared for the new regulations. With potential penalties of up to 4% of annual turnover in serious cases, it’s important to make sure you begin to prepare and protect your company. Ignoring GDPR individual rights around processing or transferring data carries a much stricter fine, of up to 4% of annual revenue or 20 million euros.
We all have a right to be in full control of our personal data, and this strengthens our argument if we wish to remove, amend or share any information a company has stored. It allows the security of our data, as well as our rights, to be placed as a main priority for businesses.
Although the GDPR is an EU regulation update, it still applies to UK companies. The UK is also planning its own Data Protection Bill renewal, similar to the new EU one, which is still waiting on approval. The UK will implement rules that are just as strict when the Data Protection Bill is approved, with fines of up to £17 million or 4% of annual turnover.
If you haven’t already, it’s time to make sure you are ready for GDPR. Update and implement all rules that are required by law in time for the update, and communicate any changes to all employees so they don’t fall into the trap, as they could be the reason you face a fine.
The Information Commissioner’s Office (ICO) has created a guide that can help companies ensure they comply. You can find the guide here.