The General Data Protection Regulation (GDPR) comes into effect across Europe in May 2018 and will apply to the UK despite Brexit. As this is a ‘regulation’ rather than a ‘directive’ it is binding and effectively forms part of UK law as soon as it comes into force.
GDPR will apply to every organisation in the EU and to any organisation holding data that belongs to an EU citizen.
GDPR will require many businesses to appoint a Data Protection Officer (DPO) to achieve compliance, but regardless of whether the regulation obliges you to appoint one, you must ensure that your business has sufficient staff and skills to discharge your GDPR obligations.
What should you do now?
- Familiarise yourself with GDPR requirements
- Find out if you need to appoint a DPO
- Review data processing activities and identify gaps in compliance
- Understand the data you hold and where it resides
- Review contracts, privacy notices and consent forms
- Put in place an appropriate governance framework
These new regulations will present a major challenge to small-to-medium sized businesses that may not be aware of their obligations or may lack the resources to implement the necessary changes.
Much has been said about the fines, up to 4% of annual global turnover or 20 million, but there are also many benefits for organisations that ‘get it right’, in particular building customer trust and demonstrating transparency.
The GDPR is the biggest change in data protection ever to occur in the UK and will require major changes in the way both large and small companies work.
GDPR Summit Series is running a series of events with expert speakers providing information, insight and advice to help organisations understand their obligations and the opportunities.
Ignoring the regulation until it’s too late could be a costly mistake.