Are you prepared for new data protection law changes?
In exactly a year’s time the largest overhaul of data protection laws will come into effect, with massive consequences for many businesses.
Yet although the General Data Protection Regulation (GDPR) takes effect on 25 May 2018, many businesses have not taken any steps to meet the new legislation, while others are not even aware of it, even though it demands 100 per cent compliance.
Businesses that do not comply risk hefty fines (up to €20 million or four per cent of a company’s worldwide turnover, whichever is higher), loss of consumer and supply chain confidence, and significant damage to their reputations. The need for businesses to ensure they have robust policies, procedures and processes in place has never been greater.
In this article Paul Dunlop, Principal and Head of Litigation and Disputes, offers insights on how the new laws will affect your business, what steps are necessary to comply and how Blanchards Bailey can help you to manage this vital overhaul of your data.
Impact of GDPR
Research by the UK’s Ministry of Justice estimated it could cost as much as £320 million for UK businesses to comply with the new regulation. A report by the Information Commissioner’s Office (ICO) also laid bare the huge implications for small to medium-sized businesses that use direct marketing, estimating that it will cost them an extra £76,000 a year, while training marketing staff is likely to cost over £7,500.
The new GDPR will impact on any business in the world that deals with the personal data of EU citizens. It has been nearly two decades since the UK’s data protection laws were last updated - via the Data Protection Act 1998. That legislation was introduced to bring UK law into line with the EU’s Data Protection Directive, which was introduced in 1995.
Since 1998, the world has seen an explosion of digital services and internet devices, the birth of online retail and mobile phones transforming into miniature computers. This has led to the emergence and cultivation of new industries based on the use of personal data and the recording of commercially sensitive data.
“The GDPR will impact on many businesses as data processing covers anything that concerns the use of data,” Paul Dunlop said. “It is a broad subject but essentially GDPR will apply where a business processes data, i.e. receiving, retaining and/or giving it to somebody.”
“When the law comes in next year businesses dealing with data will have to do a lot more to ensure they comply with GDPR, especially those that are customer-facing,” Paul continued. “Many will have to update customer consent agreements and adapt their terms and conditions, which is likely to be time-consuming and complex. If companies do not fulfil their requirements of the GDPR then they will face fines as detailed above and possibly negative media coverage and unusable data.”
Key changes businesses need to be aware of under the GDPR include having to give requests for consent in clear language, inform people, upon request, whether their personal data is being used, and report any breaches within 72 hours.
To comply with the new GDPR, businesses should review their privacy policies and consent requests, as well as their procedures and contracts. Other considerations include updating your data security breach plan and auditing international transfers to make sure you are allowed to transfer data.
If you need guidance on how to implement a new approach to data protection and privacy, or want to know how the law will affect your business, then contact Paul at firstname.lastname@example.org or on 01258 483607.