What is GDPR?
GDPR stands for General Data Protection Regulations. Over the last few years, the GDPR regulations have been renewed, aiming to bring the Data Protection Act 1988 into the present. The Act played a crucial role in data protection, specifically data protection within business use, and provided individuals with guidance on how best to handle, store and process information whilst at work.
The new regulations that come into play in May contain 99 articles that focus specifically on personal data, the control individuals have over their own personal information, and fines. Despite this being an EU regulation, it continues to affect UK businesses even after Brexit. Many organisations will continue to do business outside of the UK and in Europe, so it is really important that these regulations are kept up to date alongside this political change.
Why do we need new GDPR regulations?
A lot has changed since the Data Protection Act of 1988 came into effect, and one of the key concerns for the Government was to create a new set of regulations that reflected the change in the way we approach digital information and collect data in the present day. The previous laws no longer match the evolving digital world we live in, where we have more freedom to access data. So much of our personal information is given out on the internet that it is important we create new laws that protect our data from being breached and shared. The new regulations provide a greater level of protection to individuals, something that has been of growing concern in the last couple of years, as we have seen a large number of reported data breach cases in large UK companies such as Facebook.
What are the new changes?
- Geographical effect
- Gaining consent
- Age barrier has risen
- Revoking consent
- Time period to revoke consent
- Location for complaints
- Appointing a Data Protection Officer (DPO)
These changes will come into effect on May 25th 2018.
What do they mean for businesses?
The GDPR regulations will require all companies to become fluent in what the new regulations mean for their company. They apply to any company that processes the personal data of EU residents. It doesn’t matter how big or small your company is, or what kind of data you collect; the new regulations have been put in place to protect personal data collected from all EU citizens.
Companies with 250 employees and under are not required to follow GDPR regulations as tightly. Yet it is important that you know how your business must abide by these rules depending on its size.
Companies must prepare themselves to become more people-focused when it comes to handling customer data and dealing with enquiries about personal data. As of the 25th May, individuals can ask about the information that is held on them. They may also request that certain data be erased, and we can see from this that data handling is becoming increasingly client-focused.
What could happen if your business does not comply with the new regulations?
The GDPR regulations have not only introduced a new set of changes but have also implemented a new set of consequences for those who do not comply with the standards set. Your company could face a fine of up to £18,000,000 or, alternatively, for smaller companies, a fine worth 4% of your global annual turnover if you fail to follow these new rules. The changes show that GDPR regulations are not only more focused on clients’ rights to their data, but that they also revolve around a new concept of accountability.
Companies and organisations are required to show that they understand the new regulations, and also to provide transparency by keeping detailed records of their data handling activities. Additionally, they must ensure that staff are trained and fully aware of these changes, and that appropriate measures are implemented in order to prevent breaches from occurring. Having a data protection officer (DPO) can ensure that you strictly abide by the GDPR regulations in every area of data handling and therefore avoid being subject to fines.
Whilst some of the changes appear to be dramatically different to the previous Data Protection Act, they are easily applicable in practice. They aim to ensure an up-to-date approach to data protection and should be put into action by the 25th May 2018. Ensuring that you have tight and secure data protection practices and abide by the new GDPR regulations will elevate a company’s status and additionally ensure clients’ confidence in the services that you offer.