Changes to Data Protection law are coming to the United Kingdom
Lenny Wood, Marketing Manager at Frama UK, warns that the General Data Protection Regulation (GDPR) will transform the way that companies send emails.
The General Data Protection Regulation (Regulation (EU) 2016/679) is a regulation of the European Parliament, the Council of the European Union and the European Commission that strengthens and unifies data protection for individuals within the European Union (EU). It also governs the transfer of personal data outside the EU.
The regulation was adopted on 27 April 2016 and, after a two-year transition period, applies from 25 May 2018. The Government has confirmed that the United Kingdom’s decision to leave the European Union will not affect the commencement of GDPR.
The GDPR provides a single legal framework that applies directly in every EU member state, replacing what is currently a patchwork of national laws. Because it governs the collection, storage and use of personal data, GDPR will affect every business that holds personal data in any format.
How will it affect your business?
Any business that collects, stores or uses personal data will be subject to GDPR and will be obliged to comply with its rules or face serious penalties.
While most companies will already be looking at how they acquire, store and manage personal and sensitive data, many are not aware of the risks that arise when that data is in transit, whether between internal employees or to external clients.
Are you able to answer the following questions?
1. What measures are currently in place for sending sensitive personal or financial data via email?
2. How does your business prove that it is compliant in this regard?
The Information Commissioner’s Office and GDPR
Information Commissioner Elizabeth Denham has told businesses there is no time to delay in preparing for “the biggest change to data protection law for a generation”.
Ms Denham has called on businesses to see the commercial benefits of sound data protection and to act now to ensure they’re compliant by 25 May 2018.
“If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.”
At a recent Wall Street Journal event, Elizabeth Denham also spoke to business leaders about the importance of cyber security.
An updated data protection toolkit for SMEs is now live on the ICO website, including a new element focused on getting ready for GDPR. This checklist can help organisations assess their progress in preparing for GDPR.
Consequences of inaction
Non-compliance may leave you open to substantial fines under the GDPR. Article 83(5)(a) places infringements of the basic principles for processing personal data, including the conditions for consent, in the highest tier of administrative fines: up to €20 million, or 4% of total worldwide annual turnover for the preceding financial year, whichever is higher*. With these stringent new rules and large fines, can you afford not to act?