The General Data Protection Regulation (GDPR) is only seven months away, but many businesses are still either resistant to the changes they need to make or aren’t aware of them at all. What does the GDPR mean for your business, and why should you get ready for it?
The current law, the Data Protection Act 1998, made significant changes to how businesses were allowed to collect and handle personal and sensitive data, but nearly 20 years ago our data and the world we lived in were very different. In 1998 a hard drive of a few gigabytes was generous, Google was brand new, Facebook was six years away and phones weren’t very smart at all. Not surprisingly, the changes in how we live our lives and share our information in an increasingly digital world mean that the 1998 rules no longer fit. Whilst some businesses may still be resistant to the changes, the GDPR will make how businesses collect, store and use information more transparent and will give individuals more control over their personal data.
Whether you agree with the GDPR or not, it is likely to apply to you. Even if all you do is collect or store email addresses for your newsletter, you need to think about how you control, store and use the information that you keep. Smaller businesses will need to comply too, so it makes good business sense to understand the regulation and get ready for it now. The GDPR does offer a limited concession to organisations with fewer than 250 employees: they are not required to keep formal records of their processing activities, unless the processing is more than occasional, is likely to result in a risk to individuals, or involves special categories of data or criminal conviction data. Note that the duty to appoint a data protection officer (DPO) is not based on headcount at all; it depends on what you process, for example regular and systematic monitoring of individuals on a large scale, or large-scale processing of special categories of data, and it applies to public authorities regardless of size. In every other respect the standards for handling data apply to all sizes of business. The GDPR does recognise that a small business with a limited customer database is unlikely to present as significant a risk as a large global organisation that regularly processes large amounts of data, but how you handle your customers’ information is still important. It is difficult for anyone to predict exactly how the regulation will be interpreted and enforced, but preparing for, and following, the GDPR is essential for every size of business.
If you haven’t already, your business needs to start getting ready now. Although the GDPR does not apply until 25 May 2018, it was adopted in April 2016, so businesses will have had two years to prepare for the changes. Brexit does not change this: the UK will still be an EU member in May 2018, and the proposed Data Protection Bill, announced in the Queen’s Speech in June 2017, looks to “implement the GDPR standards across all general data processing”, so the way companies manage their customers’ information is definitely going to be more heavily regulated whatever happens afterwards.
Both the GDPR and the proposed Data Protection Bill carry the potential of hefty fines, and not only for a data breach: a fine can follow any serious infringement, such as processing without a lawful basis or ignoring individuals’ rights. The GDPR sets two tiers of administrative fine. For infringements of the controller’s and processor’s obligations, such as failing to keep records, to secure data or to notify a breach, the maximum is €10 million or 2% of annual worldwide turnover, whichever is higher; for the most serious infringements, such as breaching the basic principles of processing or individuals’ rights, it is €20 million or 4% of annual worldwide turnover, whichever is higher. The Data Protection Bill does not raise these limits; it restates them in sterling, with the higher maximum set at around £17 million (approximately €20 million) or 4% of turnover. Realistically it would take a significant, prolonged and mishandled failure for the maximum fine to be applied, but it is a possibility for all businesses.
Disclaimer: This material is provided for your general information and is not intended to provide legal advice. To understand the full impact of the GDPR on any of your data processing activities please consult with an independent legal and/or privacy professional.