A new data privacy law, the General Data Protection Regulation (GDPR), comes into force in May 2018, overhauling current data protection legislation.
Here, we explain why all businesses need to take notice.
The General Data Protection Regulation (GDPR) increases consumer rights over the way their data is collected, maintained and shared. It must be met by anyone handling personal data of EU citizens, and no business is exempt.
Personal data refers to ‘anything, from a name, a home address, a photo, an email address, bank details, medical information or a computer’s IP address’.
If you handle EU citizen data, you will need to show compliance with the new regulation, ideally by having someone in your business responsible for data protection and by ensuring you gain a customer’s consent before using their data (using an ‘opt in’ rather than the current ‘opt out’ mechanism).
You will also need to have an action plan in case of a data breach. This will involve notifying customers and reporting the incident to the Information Commissioner’s Office (ICO) within 72 hours. This is a short window, given that you will need both to determine the extent of the breach and to communicate with affected customers within it.
Your preparation for the impact of GDPR should be underway, whatever the size of your business. Here are 12 steps to help you get ready for one of the biggest changes in data regulation for many years.
Obviously, full compliance with the new regulation will help mitigate your risks and will be viewed favourably by underwriters.
Our advice to businesses is to act now: ensure you are ready to comply with GDPR when it comes into force in 2018.