Businesses across the UK are being urged to prepare for new EU data protection laws, which could see firms being fined up to €20m.
The new legislation, known as the General Data Protection Regulation (GDPR), is intended to strengthen and unify data protection for individuals within the European Union (EU). It will also address the issue of exporting personal data outside of the EU.
The regulation, which was adopted on 27th April 2016, will become effective on 25th May 2018. GDPR will allow people to regain control of personal data, which, according to studies, 7 out of 10 Europeans worry about.
All UK companies processing data will be bound by the new GDPR laws regardless of the impending exit from the EU, since Britain’s exit may not formally occur until 2019.
GDPR is also about enabling organisations to realise the benefits of the digital era without intruding on the privacy of individuals, but it is serious about enforcement against organisations that do not play by the rules.
The implementation of the EU GDPR will require comprehensive changes to the practices of businesses of any size, especially those that had not implemented a comparable level of privacy before the regulation entered into force.
Organisations will need to ensure they use clear language when requesting to use information from stakeholders, including employees and customers. The GDPR states that all businesses collecting personal information should be able to prove consent to process data.
However, the current lack of knowledge about data protection among UK businesses could be detrimental to many. Therefore, it is imperative that organisations educate themselves or seek expert advice in order to avoid paying hefty fines.
For help with data protection and other security-related matters, contact us today.