JULY 2017 - GDPR – are you ready for the new data regime?
As most businesses will be aware, the new General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. GDPR is a European regulation, which, in light of Brexit, has caused much discussion and speculation over whether UK businesses will actually be affected. Owing to the deadline for compliance, and the length of time Brexit will take to complete, the resounding answer is that yes, UK businesses are obliged to adhere to the new legislation.
So what does this mean? Well, with penalties of up to €20 million or 4% of annual turnover (whichever is greater) for non-compliance, the first step is to get to grips with what your business needs to do to meet GDPR standards. In very basic terms, the regulation requires you to keep all ‘personal data’ secure, the definition of which now includes any data that can be used to directly identify an individual. The Information Commissioner's Office has put together compliance guidelines, which we have summarised in our latest newsletter.
There will be stricter controls in place in the case of any data breaches, with heavy fines for missing the 72-hour reporting deadline.
The regulation also affects staff at different levels. Historically, it was generally the Data Controller who would be responsible for data management; going forward, anyone who handles data will be required to adhere to GDPR, i.e. Data Processors, who would be answerable to the Data Controller.
There is a lot to think about, and much preparation to do in order to be ready for the new regulation, which is less than a year away. In our latest newsletter I have looked at GDPR in more depth, including some handy tips on what you should do next, and how we can help if you need it. Please click here to download the newsletter, or if you have any queries please feel free to drop me an email.