GET READY FOR NEW DATA LAW
A new law, the General Data Protection Regulation (GDPR), comes into force next May. It will have a big impact on the way many businesses can store, transfer and process personal data.
Breaking the GDPR could result in heavy penalties, with the most serious violations potentially leading to fines of up to €20 million or 4% of turnover (whichever is greater). Matthew Pryke, a partner at law firm Hamlins, looks at what steps you can take to prepare now:

1 Make sure you do a thorough audit of the information you hold.
Businesses are required to document the personal data held, where it came from and who the business shares its data with. Until a full audit has been undertaken it is difficult to address this requirement.

2 Review how you seek, record and manage consents for use of data.
Consents under the GDPR must be clear, unambiguous and freely given. “Opt Outs” will not do.

3 Allocate an appropriate budget.
As with any business change, there are unavoidable costs. They’ll include, for many organisations, the appointment of a Data Protection Officer. Without a budget and an employee responsible for this project you will find it hard to meet the various obligations required.

4 Review your privacy policies.
It is inevitable the privacy policies and notices used by your business – whether as part of a website or on other media – will need to be reviewed and updated to reflect the changes required by the GDPR.
Once notices have been brought up to scratch, systems can then be put in place to ensure these privacy notices are effectively communicated to customers and other individuals whose data you hold.

5 All businesses will be required to have the correct procedures in place.
These will involve the detection, reporting and investigation of personal data breaches. This can include cyber attacks and other unauthorised disclosure of data to which many businesses are now subjected.