The UK government have confirmed that the new General Data Protection Regulation will replace the current Data Protection Act in May next year regardless of the other outcomes of Brexit negotiations. The deadline for all businesses to conform to the new GDPR is fast approaching, and many UK companies are completely unprepared. With Brexit on the horizon, many businesses are feeling uncertain about the future, and now is the time to start preparing in order to maintain a competitive edge in Europe.
Non-Compliance is a Costly Mistake
The new GDPR law applies to all companies operating within the EU or handling data from EU citizens, regardless of where in the world they are based. Becoming compliant may mean an overhaul of existing data protection policies for many businesses, and non-compliance carries fines. Businesses that are breached and cannot prove that they have made attempts at GDPR compliance run the risk of being fined either 20 million euros or 4% of global turnover, whichever is greater, so it is a costly mistake not to prepare for GDPR.
Greater Control for Customers
The idea underpinning GDPR is to give consumers greater control over what data companies store about them. Under the new regulations, customers can withdraw their consent for data about them to be stored at any time. The regulation goes beyond existing data protection legislation by extending the definition of personal data to things like computer IP addresses and genetic information. Organisations which hold personal data must be able to prove that consent has been given, show what the data is being used for, and demonstrate that the data is being protected. If a security breach has taken place and personal data is at risk, firms have a 72-hour window to notify customers.
Your Business May Not Be as Well Prepared as You Think
GDPR is being brought in as part of a strategy to protect personal data at a time when cyber attacks are becoming more frequent and constantly developing in sophistication. Under these circumstances, it is necessary for companies to demonstrate that they are doing everything possible to protect customer data from hackers. Personal data can be left insecure by widely accepted practices, such as employees using cloud storage for work-related information, using their own devices at work, and taking work home with them. Firms may not already be aware of potential security weaknesses such as these, so the first step toward GDPR compliance is awareness and understanding of how their data is stored and used.
According to GDPR specialists EMW Law, only 29% of UK businesses have begun preparing for the changes to the regulations, a worrying statistic given that organisations on average require 12-15 months to prepare. There are now only 10 months to get GDPR-ready and gain that compliance edge over your competitors.