GDPR – 66 days to go
A reminder that the General Data Protection Regulation is due to become law on 25 May 2018. At the time of writing this blog, that leaves 66 days to become compliant.
Why should you take it seriously?
Because there are significant financial penalties for getting it wrong: fines of up to 4% of an organisation’s turnover. This is why larger corporations are sitting up and taking notice. This new regulation places respect for an individual’s right to privacy squarely at the feet of the UK business community, and everyone needs to listen.
Aside from the penalties for non-compliance there are also compelling commercial reasons for getting to grips with GDPR. For example, your customers – to achieve compliance – will be required to make sure that any organisation that handles their data is also GDPR compliant, and that may well mean you. If they ask you for confirmation that you are compliant, and you are unable to confirm, they may be obliged to seek an alternative supplier.
Therefore, it will affect all businesses. We will also need to respect its legal standing, as Brexit or no Brexit, the GDPR is being adopted into UK law.
There are new requirements that aren’t in the present Data Protection Act 1998
New requirements include:
- Reporting data breaches.
- Cross-border considerations.
- New rights for customers: namely access to information on how you’re using their data and their right to request that personal data is deleted.
- The need to demonstrate that your business is mitigating the risks of misuse of personal data.
Therefore, everyone needs to appreciate that from 25 May 2018, assessing and protecting the personal data of customers, suppliers and staff (essentially protecting their privacy) needs to be of paramount concern.
Talk to us if you have any queries about this or any other legislative issues.