Proper preparation could lessen the burden and boost the benefits of the European Union's General Data Protection Regulation.
The clock is ticking on the countdown to the EU General Data Protection Regulation (GDPR) that will come into force on 25 May 2018. GDPR is anticipated to be a major disruptor, fundamentally changing how businesses and the public sector manage the information of their customers.
All firms that deal with customer data, which in today’s digital society means more or less every sector, will be directly impacted by GDPR.
Although GDPR’s deadline is nine months away, businesses must begin preparations immediately to ensure they’re in compliance with its regulations. Many firms have deferred the process due to the costs and resources associated with implementing GDPR, but taking the necessary steps now will help to ensure a smooth transition come May.
Unlike existing data protection laws, GDPR will reach further and will introduce sweeping changes, including the introduction of accountability, the need for consent, hefty fines associated with noncompliance and new rights granted to individuals regarding the use of their personal information.
Once businesses are aware of these requirements and begin undertaking the necessary preparations to be compliant, they will be able to capitalise on its key benefits as a result.
Understanding GDPR within existing data protection laws
Following years of preparation and debate, the regulation was approved by the EU Parliament on 14 April 2016. Introduced to keep pace with changes in the digital world, GDPR will be broader in scope than the current Data Protection Act that was established in 1995.
As the EU’s GDPR website points out, the legislation is designed to “harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy”.
It applies to the person, authority or organisation that collects data from individuals (‘controllers’), as well as to third-party persons, authorities or organisations that work on behalf of the controller (‘processors’).
Many have mistakenly assumed GDPR will not apply to UK businesses following Brexit. In fact, the government’s Statement of Intent for the new Data Protection Bill published earlier this year has confirmed GDPR will be enshrined in full into UK law.
As a result, 25 May 2018 will be the date that GDPR becomes directly applicable, making it imperative that businesses begin implementing procedures now to ensure compliance. In addition, following Brexit, any company that deals with EU citizen data, wherever it may be located, will be required to meet GDPR’s standards.
If you haven’t heard of GDPR or are unsure of how the regulation will affect you or your business, here are some of the biggest changes to help you prepare.
Questions appear on the last page of this article.