The countdown is on. The General Data Protection Regulation (GDPR) applies from 25 May 2018, less than a year away.
What is GDPR?
This far-reaching new data protection legislation imposes a range of new obligations on how organisations control and process their customer and prospect data.
It expands the rights of EU citizens around privacy and the protection of personal data. Organisations are required to keep records of their processing activities, appoint a data protection officer where the regulation requires one (public authorities and organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of special categories of data), notify the supervisory authority of data breaches (within 72 hours where feasible, and inform the affected individuals where the breach poses a high risk to them), and give individuals clearer ways to withdraw consent and object to processing. Importantly, penalties for non-compliance under the new regime are significantly larger, with fines of up to €20 million or 4% of annual global turnover, whichever is higher. This makes non-compliance a significant business risk.
Not Ready? You are Not Alone…
Worryingly, a recent YouGov poll of 2,000 UK businesses showed a lack of awareness of the new legislation, with only 29% having started to prepare for the new data governance rules.
Other research points the same way: a survey of 187 companies by law firm Irwin Mitchell found that only 34% of UK marketing and advertising businesses are aware of the new European data protection legislation.
But What About Brexit?
It doesn’t change anything, because the GDPR will apply before the UK leaves the European Union. Both the government and the Information Commissioner have confirmed that it will apply in the UK. So, come May 2018, organisations handling personal data must be ready to comply with the GDPR.
Preparing for GDPR
We suggest you visit the ICO website, which has a host of useful information, including a handy 11-page PDF entitled Preparing for the General Data Protection Regulation (GDPR): 12 Steps to Take Now, which is a good starting point. So is their Data Protection Self Assessment, which provides useful ‘more information’ links for each component.
So, with next May’s deadline fast approaching, make sure you have appointed a data protection officer (where one is required), understand how to implement the right to erasure (the ‘right to be forgotten’), and have processes in place to handle the right to data portability, so that your organisation is compliant. Good luck.