GDPR, the General Data Protection Regulation, is an EU Directive that is due to replace the current UK Data Protection Directive.
On 25th May 2018, legislation on how you process, store, use and dispose of personal data is changing.
Regardless of Brexit, the law on data protection is changing and GDPR will affect the way you process and manage public data.
Who does GDPR apply to and what are the penalties for non-compliance?
GDPR applies to all industries and organisations where personal data is held or processed. This includes both the public and private sectors: basically, anyone who holds, processes, manages or deals with other people’s personal or sensitive data.
This includes any information relating to an individual that can identify them, such as CCTV images, photos, databases, names, addresses and emails.
The regulation also relates to sensitive data, such as religious beliefs, ethnicity, health or relationship status and even criminal records, court proceedings and court sentences.
Businesses need to be aware of GDPR and make sure they’re compliant. When the new regulation comes into play, the responsibility falls on individual organisations to ensure they hold and manage data in accordance with it. GDPR increases the responsibility businesses have to inform clients and customers about how their data is being used and by whom.
Failure to comply comes with serious consequences.
Non-compliance can lead to fines of up to 4% of an organisation’s annual turnover or €20 million (whichever is higher). Anyone who has a breach should report it within 72 hours of the breach, as well as alerting the individual(s) concerned.
Regardless of the fines, a breach of data protection could have serious implications for a business’s reputation. The latest YouGov poll, commissioned by the ICO, showed 77% of customers would stop or consider ceasing to use a company’s services if there was a data breach.
It is important that organisations processing and controlling personal data are aware of data privacy and have appropriate cyber security tools in place to protect it from loss or theft.
If you are unsure how GDPR affects your organisation or you need advice on the best way to manage your customers’ data in accordance with the new regulation, please contact us and we would be happy to advise.