The EU General Data Protection Regulation (GDPR), which supersedes the UK Data Protection Act 1998, came into force in April 2016; however, companies have until 25th May 2018 to become compliant.
Strengthening the privacy rights of individuals
The GDPR provides individuals with more control over their personal information and ensures companies are now more accountable for data protection by placing a range of new responsibilities upon them.
The rules governing how a company obtains consent will be much stricter, and individuals will have the right to clear and transparent information on exactly what data is collected about them and how it is processed. They will also have the right to rectify inaccurate personal data or, in certain cases, to have their data erased or moved to another service provider. We have put together a 12-step guide to GDPR to help you navigate your way to compliance.
What happens if your business does not comply?
Currently, under the Data Protection Act, businesses that do not comply with the regulations could face fines of up to £500,000, criminal prosecution, and obligatory undertakings (where a company must commit to a specific action to ensure compliance).
Failure to comply with the new regulations could mean:
- Fines of up to €20 million or 4% of global turnover (whichever is higher).
- Liability for damages (individuals will have the right to compensation if the regulations are breached).
- Reputational damage and loss of consumer trust.
All too often we hear of data being misplaced, stolen, misused or shared without consent. Complying with the GDPR will help protect your current and potential customers and give individuals trust and confidence in your business.
The Government has confirmed that Brexit will not affect the GDPR start date and that post-Brexit the UK’s own law (or a newly-proposed Data Protection Act) will mirror the GDPR.
The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. It has published a detailed guide and produced a number of tools to help companies make sure they are GDPR compliant.