May 25th, 2018 will see a huge shift in data protection, with businesses in the UK required to comply with a whole raft of new regulations. The current Data Protection Act is revoked and a new regulation, the General Data Protection Regulation (GDPR), comes into force.
The General Data Protection Regulation is the most significant development in data protection that Europe has seen over the past twenty years. There is a much greater emphasis on compliance following a widely held belief that businesses have not taken data privacy seriously enough previously. It is a regulation that is relevant to every business, regardless of size or sector.
The Data Protection Directive of 1995 is largely outdated. The level of growth in technology, its rapid adoption and the emergence of SaaS have rendered elements of the Data Protection Directive obsolete. The new legislation is designed to protect EU citizens and to protect their data from being exploited. Cyber security threats are also becoming ever more sophisticated, and for many businesses a security attack is now a question of when, not if.
The accountability principle within GDPR places the onus of compliance squarely on the shoulders of individual businesses (regardless of whether your data is on premise or in the cloud). Each business must be able to demonstrate that it complies with the regulations, and it is its responsibility alone to ensure that it does so. If a company is found to be neglectful, then someone will be held accountable.
Being able to demonstrate compliance with GDPR will be a major task for businesses of all sizes. Companies with over 250 staff must also appoint a Data Protection Officer (DPO).
Under the GDPR, you must also appoint a data protection officer (DPO) if you:
This is a significant departure from the DPA: the DPO will act as the first point of contact as well as monitoring and ensuring compliance with all regulations.
Penalties vary depending on the severity of the infringement. Some businesses can be fined up to 4% of annual turnover or 20 million euros, so you need to take this very seriously.
UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit. The GDPR will come into force before the UK leaves the European Union, and the government has confirmed that the regulation will apply, a position the Information Commissioner has also confirmed.
The GDPR introduces Data Protection Impact Assessments (DPIA) as a means to identify high risks to the privacy rights of individuals when processing their personal data.
A planned, structured approach to the inevitable changes needs to be started sooner rather than later. A clear process has to be in place for managing data breach incidents.
Here at Genesis Business Systems we are working with customers to ensure your business complies with these new regulations.
Don't worry, we will be creating a full series of documents around this in the run-up to May 2018, so stick with us and we will guide you through.
Contact our team today to find out more about Data Protection and how it will affect your business. Call 01482 210999 or email [email protected] and we will be in touch.