The EU General Data Protection Regulation (GDPR)
The EU’s General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes the UK Data Protection Act 1998. Significant and wide-reaching in scope, the new law brings a 21st century approach to data protection. It expands the rights of individuals to control how their personal information is collected and processed, and places a range of new obligations on organisations to be more accountable for data protection.
Crucially for businesses, the GDPR sets out much bigger fines for non-compliance: up to 4 per cent of global annual turnover, or £20m, whichever is greater. At present, the Information Commissioner’s Office can issue a maximum fine of £500,000 for breaches of data rules.
You had until 25 May 2018 to be GDPR compliant
Compliance is not a choice and time is short
GDPR compliance is not just a matter of ticking a few boxes; the Regulation demands that you be able to demonstrate compliance with the data protection principles. This involves taking a risk-based approach to data protection, ensuring appropriate policies and procedures are in place to deal with the transparency, accountability and individuals’ rights provisions, as well as building a workplace culture of data privacy and security.
With the appropriate compliance framework in place, not only will you be able to avoid significant fines and reputational damage, you will also be able to show customers that you are trustworthy and responsible, and derive added value from the data you hold.