This will be one of the most significant legislative changes affecting businesses for years. It represents a major culture shift in the way that data is handled by companies and will impact every UK business.
It is important that your business understands the implications and becomes compliant before the effective date of the 25th of May.
What Is GDPR
The European General Data Protection Regulation (GDPR) is a set of regulations designed to give citizens and residents more control of their personal data whilst simplifying existing EU legislation.
It will affect every business that processes personal data of EU citizens and there will be penalties for those that do not comply.
Despite originating from the European Union, its implementation and enforcement in the UK will be unaffected by Brexit.
What Is Affected By GDPR
The legislation is designed to give individuals more control and rights over how businesses use their data. This will include tighter protections on what constitutes consent to store a person’s data and the right to be forgotten.
GDPR will affect any process within a business that collects or uses personal data. This will normally include marketing, IT and HR functions within the business.
For example, in the marketing of your business, the process of adding someone to a marketing email list will be a lot stricter. A clear opt-in will be required and cannot be presumed or added to a contract (no more pre-filled tick boxes).
What Happens If A Business Does Not Comply
Failure to comply will result in harsher penalties than under previous data protection regulations. The Information Commissioner's Office will see its fine ceiling increase from £500,000 to 20 million euros or 4% of turnover (whichever is greater).
If you would like to know more about GDPR, see the Aspiring Panda blog on the steps that businesses can take to comply with GDPR, or visit the ICO website.