From May 2018, UK businesses are set to lose 4% of their turnover if they do not comply with this new data protection law.
From May 2018, UK businesses are set to lose 4% of their turnover if they do not comply with this new data protection law.
Why is the law changing?
In the UK, the storage and processing of any kind of personal data about people is governed by the current Data Protection Act 1998 and is enforced by the Information Commissioner’s Office (ICO). Since 1998 the way we use and transmit information, particularly electronically and through the internet has changed dramatically. The EU has introduced the General Data Protection Regulation (often referred to as GDPR) that will standardise and update data protection laws across the EU. It starts being enforceable from May 2018 in the UK by the ICO. Will GDPR apply after Brexit?
The short answer is yes it will. The UK will not have left the EU by May 2018 and, in any case, the government has said it wants to maintain the same level of data protection as the EU to allow data sharing and data services with the EU.
Who does GDPR apply to?
If your business stores or processes any data about EU or UK citizens (e.g. your payroll) then you come into the scope of the regulation. Even countries outside the EU providing services to the EU must comply with the new law.
Why GDPR matters
The penalties for non-compliance with this new law are huge: 4% of your company turnover, or 20 million Euro.
What GDPR means for companies
Most companies process some kind of personal data, for example, payroll, and even if this is outsourced to a 3rd party, under the GDPR you are still responsible for ensuring the security of the data and must ensure your 3rd party also complies with the GDPR. Your business has obligations to process, store and manage data in a way that is compliant with GDPR. This is not just an IT issue but also a business process and procedural issue. How to prepare for GDPR
You can read the regulation yourself and get help from the ICO website – a DIY approach that can take a lot of time and effort to work out how the law applies to your business.
The easy and fast self-service solution is to download the GDPR Ready guided questionnaire and audit that guides you through the process covering all the relevant points. We are working in partnership with GDPR Ready consultants to provide you with the easiest way to become GDPR compliant, making adjustments to your systems and procedures where necessary. Once completed, the audit is verified by an independent consultant. More details on our website here: www.dgt.uk.net/gdpr
How to implement GDPR
There are no hard and fast rules for GDPR compliance. There is no pass or fail test. Your business must demonstrate it is applying the regulations as best as it can, otherwise those huge penalties could be coming your way.
Check out our web page here for more details, a video and a FREE pdf download guide
