The new GDPR comes into effect two years from now. That might seem a long way off, but it is barely enough time to understand the changes and put everything in place for full compliance. What are we talking about? The new GDPR replaces the Data Protection Act as we have come to know it. It has serious implications for any business holding customer information – this includes businesses that sell products and services, and also those that monitor the behaviour of EU citizens in any way (research, social media, etc.).
It is important on many levels – for ethical reasons, obviously, since you are holding someone’s personal details. However, you should be aware that the fines for misconduct (and this can happen just as easily by accident as by design) are severe. Previously the ICO (Information Commissioner’s Office) could demand up to £500,000 for serious breaches. Under the new rules, the ICO can fine companies up to 4% of global turnover or €20m. For more minor breaches, fines of up to 2% of global turnover or €10m can be levied. This is serious stuff.
A useful article outlining this in more depth can be found in the Law Society Gazette.
There are many things to understand about GDPR, but you must comply with the 6 main principles of the law, have a Data Protection Officer (employed or outsourced), and completely understand the implications of holding data. Talk to us and we can help. Time is ticking.