Are you ready for GDPR?
Whether your business is big or small, you’ll have to comply with new regulations on the secure collection, storage and usage of personal information.
If you own a small business and haven’t already done so, please pencil in 25 May 2018 as the date that the European General Data Protection Regulation (GDPR) comes into force.
The legislation has been introduced to encourage companies across the EU to think seriously about data protection. Despite the UK having voted to leave the EU, UK businesses will still have to comply if the data they handle is about EU citizens or can identify individuals in the EU.
Digital Minister, Matt Hancock, has confirmed that the UK will replace the 1988 Data Protection Act (DPA) with legislation that mirrors the GDPR post-Brexit.
From 25 May, all companies, big and small, will have to comply with regulations regarding the secure collection, storage and usage of personal information. Violations will be met with fines. But the good news is that the GDPR recognises that smaller businesses require different treatment to large or public enterprises.
Five things you need to know now about GDPR
- Companies with over 250 employees must employ a Data Protection Officer (DPO)
- GDPR will also apply to small businesses under 250 employees if the processing carried out is likely to result in a risk to the rights and freedoms of data subjects
- Breaches in data security must be reported immediately (within 24 hours if possible but at least within 72 hours)
- Individuals have more rights dictating how businesses use their personal data. In particular, they have the ‘right to be forgotten’
- Failure to comply with the GDPR will lead to heavier punishments than ever before