The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018.
The regulation seeks to update data protection laws for the 21st century and provide a consistent EU-wide approach to protecting individuals’ data rights. However, the GDPR has been labelled as confusing and unclear, which has resulted in widespread uncertainty within businesses as to whether they are going to be compliant when the GDPR takes effect.
It is important to note that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
The GDPR has increased the burden of responsibility on businesses when they seek to collect, process or store data.
These burdens include increased:
• Rights for individuals to access, amend or delete data;
• Data notice requirements;
• Due diligence when using third-party data processors; and
• Lawful processing guidelines.
To support the enforcement of these responsibilities, the GDPR has now extended the previous maximum Data Protection Act fine from £500,000 to €20,000,000 or 4% of global turnover, whichever is greater. While it is not expected that fines of this magnitude will be handed out for minor breaches, a prudent business should ensure reasonable processes are in place to support a defence from any potential prosecution.
It would be sensible for businesses to perform a data review to ensure that any data they hold is compliant with the GDPR and enact policies that plug any administrative holes in their data policies.
For more information about the GDPR and how we can support your business in creating a bespoke GDPR package, please call us on 0116 286 7000.