UK data protection laws to be overhauled
Businesses are ‘unprepared’ for GDPR
A recent YouGov survey revealed that a mere 29pc of UK businesses have started preparing for the General Data Protection Regulation (GDPR), leading experts to fear that many will not be ready by the time the EU regulations come into effect. Source: The Telegraph
Further to this and the news article from the BBC and other such articles that have been in the news in recent months – We would like to point you to the Overview of the General Data Protection Regulation (GDPR)
GDPR is the new European legal framework for the protection of personal data. The regulation officially comes into effect on 25th May 2018. It comes in place of the 1995 Data Protection Directive (DPD) and, prior to Brexit, would have led to the UK implementing a new act in place of the existing Data Protection Act 1998. The GDPR has been designed to address the inconsistent data protection laws that currently exist throughout the EU’s member states, amongst other data protection concerns; and includes new responsibilities for data controllers and processors.
In summary, GDPR encompasses the right of individuals to:
- Access their personal data
- Have their personal data forgotten
- Obtain a copy of their data in a ‘portable format’
- Have personal data updated and maintained
- Provide consent – ‘opt in’ rather than this be assumed
- Restrict where their data is used
- Be notified when there’s a major breach involving their data
As of the 2018 deadline, any data controller or processor who fails to comply with the regulation will face the following fines:
Data breaches which are deemed to be the most important for data protection could lead to fines of up to €20m or 4% of global annual turnover, dependent on which is greater.
Other data breaches could lead to fines of up to €10m or 2% of global annual turnover, dependent on which is greater.
This is definately an area we would recommend you look more closely at to make sure you are prepared for these new rules.