In just 4 months, businesses across the UK and the EU will experience the greatest change to data-handling practices since the Data Protection Act of 1998.
Whether your business is ready or not, the General Data Protection Regulation (GDPR) will be implemented on the 25th May 2018. So what can you do as a business owner to prepare your team and protect your customer data?
At West Craven, we recommend that all businesses – no matter what size or industry - carry out a complete risk assessment to determine which areas they face the most risk from.
Why is the GDPR happening?
Recent technological innovation has led to an increase in cybercrime attacks - a number of which have happened very publicly and at great cost to the affected organisation.
The GDPR is a legal framework of guidelines that is intended to strengthen the rights of EU citizens in light of these breaches and misuse of data.
Under the GDPR, the following changes will occur:
• Consent - Your business will no longer be able to infer consent from silence, pre-ticked boxes, or from ambiguous opt-in statements.
• Your role - As a Data Controller, you are accountable for how your business collects, stores and processes data.
• Your customers' rights - The GDPR will give your customers control of their data. With the right to be forgotten,
the right to access, and the right to restrict processing, you will now have to demonstrate that you have lawful basis for processing.
• Your Privacy Policy - Transparency will be vital post-GDPR and you will need to review your Privacy Policy in light of this.
• Third-party suppliers - Even if your business is GDPR compliant, if you knowingly continue working with a third-party organisation that is not compliant, you may also face financial penalties.
If your business does not implement these changes in time for the GDPR, you may risk damaging your reputation and could even receive financial fines as high as 20 million or 4% of annual turnover - depending on which figure is higher.
Still unsure about the GDPR?
For more information on what steps you should be taking to prepare for the GDPR, please refer to the ICO's '12 steps to take now' guide.