A reminder that the General Data Protection Regulation is due to become law 25 May 2018. At the time of writing this blog, that’s 75 days to become compliant.
Why should you take the GDPR seriously?
Basically, because there are significant financial penalties for getting it wrong: fines of up to 4% of an organisation's worldwide turnover. This is why larger corporations are sitting up and taking notice of the GDPR; the new regulation places respect for an individual's right to privacy squarely at the feet of the UK business community.
Aside from the penalties that may be levied for non-compliance there are also compelling commercial reasons for getting to grips with GDPR. For example, your customers – to achieve GDPR compliance – will be required to make sure that any organisation that handles their personal data is also GDPR compliant, and that may mean you. If they ask you for confirmation that you are compliant, and you are unable to confirm, they may be obliged to seek an alternative supplier.
Accordingly, the GDPR will affect all our businesses. We will also need to respect its legal standing: Brexit or no Brexit, the GDPR is being adopted into UK law.
New requirements, not in the present Data Protection Act 1998, include:
- Reporting data breaches.
- Cross-border considerations.
- New rights for customers: you need to inform them how you are using their personal data and of their right under the GDPR to request that their personal data is deleted.
- The need to demonstrate that your business is mitigating the risks of misuse of personal data.
Business owners and staff need to appreciate that from 25 May 2018, assessing and protecting the personal data of customers, suppliers and staff (essentially protecting their privacy) needs to be of paramount concern.