Hopefully, you’re aware of the new General Data Protection Regulation (GDPR) that comes into force on 25th May 2018 and are preparing for it!
It is a Regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union.
But we’re leaving, so it doesn’t affect us, does it?
Firstly, we are unlikely to have negotiated our exit by the time this regulation comes into force. Secondly, everyone we do business with is going to require us to meet the same standards they have to. It is going to affect almost every business, as the emphasis shifts from resting solely on Data Controllers, as under the current Data Protection Act, to include Data Processors as well.
The fines are getting serious…
Fines for data breaches are set to be €20 million or 4% of a company’s annual global turnover, whichever is higher.
An easy way to start thinking about the new GDPR regulation is to think ‘Privacy by Design’. By this we mean considering data protection from the moment you start planning how to collect and record data. For example, keep data types separate when they could be combined to cause harm in a security breach, such as storing bank details apart from names and addresses.
The current Data Protection Act is inadequate
The Data Protection Act (as have many other EU Acts) has been deemed inadequate by the Commission. Transfers of data from the EEA to the UK could only continue unchanged if our regime were deemed adequate, so we need a GDPR equivalent, and we may as well adopt the same standards rather than reinvent the wheel.
We'll keep you posted with any further updates and what you need to do.