Check your calendar. Now pencil in May 25th, 2018. That’s the date when the European General Data Protection Regulation (GDPR) comes into effect. Sure, most business owners are aware of GDPR. But many are still unsure as to what it actually is.
Sound like you? Not to worry, we’ve got you covered. This guide explains exactly what GDPR is and, crucially, what it will mean for you and your business.
Hi GDPR, nice to meet you…
Acronyms can sound quite intimidating. GDPR is no different. In essence, though, the premise is quite simple: GDPR means businesses will be compelled to comply with new regulations governing the secure collection, storage and usage of personal information.
Those who don’t comply or fall foul of the new laws will receive significant fines. That’s the tough part. The threat to data, of course, has never been higher, so the rules are to be embraced.
It is to be equally welcomed that small businesses won’t be treated the same as their larger counterparts or public enterprises. Flick through the pages of GDPR to Article 30 and you’ll happen across a declaration that organisations with fewer than 250 employees will not be bound by GDPR. Even so, there are a number of stipulations that the smaller business owners among us will need to adhere to.
Why is GDPR being introduced?
The Internet of Things is here. Digitisation is developing at pace, and it sits atop the priority list for boardrooms. Cybersecurity skills and processes are also developing in these companies, but at a much slower pace. The resulting security gap therefore continues to grow, and within this space lurk ever-burgeoning threats.
GDPR is a direct response to this. The two core aims of GDPR are to:
- Return control of personal data to citizens
- Unify and simplify the regulatory environment in the EU for international businesses
The regulations are designed to raise awareness: to remind and encourage all businesses across the EU to think seriously about data protection. This doesn’t mean you can ignore them. Alongside harsh penalties, individuals can sue for compensation to recover both material damage and non-material damage, such as distress.
Post-Brexit, will GDPR affect UK businesses?
The UK has voted to leave the EU. The terms on which the Kingdom will separate remain to be seen. Regardless of Brexit, UK businesses that handle data about EU residents will still have to comply with the new regulations.
The government has left little doubt about this, confirming that the UK will replace the 1988 Data Protection Act (DPA) with legislation that reflects GDPR post-Brexit.
4 GDPR things to factor into your thinking:
European General Data Protection Regulation will:
- Increase fines: The monetary costs of failing to comply with GDPR are set to soar beyond any previous punishments. GDPR enables the imposition of fines up to €20 million or 4% of annual turnover.
- Affect small, medium and large businesses: Organisations with over 250 employees will be compelled to hire a Data Protection Officer to ensure they manage data responsibly. Small businesses with under 250 employees will also fall under the auspices of GDPR if their data management is deemed to carry a risk to the rights and freedoms of data subjects.
- Make reporting breaches compulsory: Breaches in data security must be reported promptly, within 24 to 72 hours, to the data protection authorities in the UK.
- Establish the right to be forgotten: More rights will be given to individuals when it comes to how businesses use their personal data. A notable change will be the ‘right to be forgotten’.
Need help with GDPR?
If you’re unsure about whether or not GDPR applies to you or how to deal with personal data under the new terms, send your questions in and one of our compliance experts will give you a helpful response.