GDPR – It Won’t Go Away
Andrew Winearls from Whiting & Partners warns: We are less than six months away from a major move in the battle to protect personal data and information through the General Data Protection Regulation, GDPR, which comes into force on 25th May 2018.
As we near the end of the two-year introductory period, are you ready? If not, then you must act immediately, because failure to comply will be met with penalties of up to 20 million euros or 4% of global turnover, whichever is the greater. Ignorance will not be a defence.
Don’t think that the Regulation, basically an EU initiative, will melt away as Brexit trade talks continue. For the time being, until we’re told otherwise, forget about Brexit in relation to GDPR. The UK government committed to GDPR long ago and business focus should be on becoming compliant with the legislation. The Data Protection Bill currently going through the UK Parliament will incorporate GDPR into UK law post-Brexit.
All organisations will have to comply with the new rules and there are severe penalties for any that ignore or break the rules, even unintentionally. They should consider how they deal with the personal data of employees, customers and suppliers. Previously collected data may not be used unless it was collected in a manner compliant with GDPR.
If you rely on consent as the lawful basis for processing data, you will need to obtain explicit opt-in consent from individuals to process their data.
Individuals have the right to request details of the information held about them, why it’s being held and how it is processed. As a business or organisation, you cannot charge for this unless it is an excessive request. Individuals can request that the holder deletes their data or rectifies any mistakes, and every piece of personal information held by your business should be identifiable.
Data collection and storage procedures will need to conform to GDPR requirements. This includes the reporting, within 72 hours, of any breaches. Security systems will need to be robust and businesses should have a clear plan, knowing what data is retained, where it is held, who has access to it and how to report a breach.
GDPR will bring stability to the world of data, providing organisations with better quality, and more reliable, data whilst ensuring individuals’ rights are protected. Preparation is key and understanding the complex rules is vital.
Whiting & Partners is running a series of FREE GDPR seminars in the New Year alongside our colleagues at Decisive IT Ltd. Places are limited. To book your place please contact Victoria Scott on 01284 752313 or firstname.lastname@example.org.