From the 25th May next year businesses will need to adapt the procedures which many of them use to process data to reflect the new General Data Protection Regulations (GDPR).
These new regulations are being introduced in order to address the ‘inconsistent data protection laws’ that are currently implemented across EU states. Although Britain will no longer be an EU member state following Brexit, these regulations will still apply to businesses trading with companies based in the EU.
Are you confused about how GDPR will affect you?
With very little time remaining, if you haven’t already done so, it’s time to start thinking about how to prepare your business for the changes that GDPR will bring, asking questions such as:
- How will I gain consent to use an individual’s data?
- How can an individual withdraw consent?
- What will I be using the data for?
- How do I record data operations and activities?
- How do I ensure data is adequately protected against breaches?
- Do I know how to notify the appropriate authorities of breaches?
For businesses unsure of the answers to these questions, it is essential that they audit their processes to ensure they fall in line with regulations come 25th May.
Gaining consent from an individual to use their data is one of the vital aspects of GDPR. Businesses must clearly outline to individuals how their data will be used should they consent to it being used, and provide clear guidelines on how they can withdraw consent. If data will be used for multiple purposes, an individual must agree to each purpose specifically. To gain consent, it will no longer be acceptable to have a pre-ticked box; individuals must actively accept (i.e. tick the box to agree).
Changes to consent are just one of many aspects that GDPR will impact and which businesses must become accustomed to prior to next year’s GDPR implementation. Failure to comply with these regulations will trigger much more substantial fines for businesses, split into two tiers:
Tier one – For data breaches that are believed to be ‘highly important’, businesses could be fined up to €20m or 4% of global annual turnover, whichever is the greater.
Tier two – Other breaches could be fined up to €10m or 2% of global annual turnover, whichever is the greater.
These new fines have the potential to significantly impact the cash flow of a business, and should therefore be avoided at all costs through adequate preparation for the new regulations and an understanding of how to comply.