Why UK businesses need to prepare for the EU General Data Protection Regulation 2018

Back in April 2016 the EU Parliament made a final decision to approve the General Data Protection Regulation (GDPR) that will be replacing the current Data Protection Directive. The Eu’s General Data Protection Regulation will be enforced from 25 May 2018.

The GDPR has introduced key changes to keep pace with the ‘Information Age’ - a modern landscape which is fast and fiercely evolving. The key changes are designed to harmonise and protect data privacy across the EU board and reshape the approach businesses and organisations take on data privacy. Be warned, any organisation that is non-compliant to the new GDPR will face heavy penalties.

A brief and simple breakdown of key changes
- If your business is not in the EU but provides goods and services with EU data subjects, be prepared to comply with the GDPR and may need to appoint representatives in the EU.
- The data subject has a right to be forgotten. Data controllers will be required to reduce the amount of personal data stored to identify an individual and ensure that it’s not stored for longer than it is required.
- Data subjects have a personal right to request personal data concerning them in a usable format and the right to have their personal data ported from one controller to another.
- Privacy by design has become a legal requirement which requires data protection from the onset of systems design. It is the responsibility of data controllers to only collect data that is necessary to fulfil specific systems design processes and hold no personal information on data subjects longer than necessary.
- Any business under the EU GDPR found in breach of data regulations can be fined up to 4% of annual growth turnover, or for the most serious infringements, a maximum of €20 Million.

More information can be found here: http://www.eugdpr.org/gdpr-faqs.html

SHARE THIS BLOG ARTICLE