It’s all change for data protection in 2018, as May sees the arrival of the EU General Data Protection Regulation (GDPR) on British shores. If you’re among the roughly 50% of small businesses in the UK that aren’t prepared for the GDPR then you have just four months to ensure your enterprise is up to scratch.
GDPR – what’s all the fuss about?
There are two reasons why the GDPR is making such an impact on the business world:
- It is a comprehensive overhaul of data protection and management that requires significant organisational change
- New penalties for businesses that don’t meet the requirements will make non-compliance much more costly
The organisational impact of the GDPR
Preparing for the GDPR will require significant organisational change in some businesses, particularly where data security hasn’t previously been a priority. This could result from any number of the new provisions in the GDPR, including:
- The requirement to carry out regular Data Protection Impact Assessments where sensitive data is being handled or high volumes of data are being processed
- A new, more proactive approach to consent that means it can’t be casually given and can be withdrawn at any time. Businesses interacting with minors must obtain that consent from the parent or equivalent adult
- Individuals now have the right to be forgotten by a business, which puts a whole new kind of pressure on how data is managed and disposed of, and on how quickly that can be done
- A broadening of the kind of data that now needs to be handled with care – the GDPR extends this to a very wide spectrum that includes economic data and information about social identity
- More stringent requirements for reporting data breaches. Businesses won’t be able to sit on data breaches when the GDPR has come into force, as these must be reported within 72 hours to stay within the provisions of the regulation
- Expertise within the business. Depending on the type of business you are and the data you handle, there may be a need to appoint an internal expert to take responsibility for data – the GDPR describes that person as a Data Protection Officer.
And those penalties…
A data breach can have some fairly severe consequences for any business. Problems with cyber security damage reputation and can result in customer attrition. However, the GDPR is set to increase the pressure – the new reporting requirements will mean it is much harder to hush up cyber security problems that have resulted in data exposure. Not only that, but for the businesses that get it wrong there are new, much more significant, financial penalties too – fines of up to 4% of annual global turnover or €20 million, whichever is greater.
Given the looming deadline for GDPR compliance, and the chaos many businesses still feel about its implementation, we are offering Free Mini-Audits to businesses looking to get GDPR-ready. If you’d like to find out more about our Free Mini-Audits or have any other questions about the GDPR feel free to contact a member of the team.