What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation is the biggest shake-up in European data protection laws for decades, replacing the outdated 1995 Data Protection Directive. The legislation comes into force on May 25th 2018, by which point all businesses that are affected by the GDPR must fully comply. The main purpose of the legislation is to offer European citizens greater protection and control over how their personal data is stored, collected and used. This includes requiring that companies (or public organisations) have more robust security measures to protect against security breaches, and the ‘right to be forgotten’ GDPR request that can be made to have all identifiable data permanently erased. The legislation affects all organisations that collect data on European citizens, which means it could have global effects on non-European companies who operate outside the zone. The GDPR is a clear win for citizens and consumers but will create issues for businesses that must adapt their systems to satisfy this complicated, wide-reaching legal framework.
How could the GDPR legislation affect my business?
Most notably, it creates a minefield for businesses, with severe consequences for the most egregious data breach offences: fines of up to 4% of global business revenue or £20m, whichever is greater. Additionally, within just 72 hours of the data protection breach, the GDPR requires you to report the details of the incident to a data controller.
This tight time-frame could cause many issues for businesses with outdated and inadequate data protection policies, due to a potential lack of awareness that a breach has even occurred, or the inability to quickly collate incident reports. Therefore, having advanced and robust data protection systems is essential not only for the GDPR, but also for general data protection.
Apart from the severe financial consequences that can arise directly from lack of compliance, businesses may find that they lose revenue for other reasons if they are not compliant with the GDPR. As lack of compliance will become such a big data protection red flag by May 2018, businesses may choose to only trade with others who also maintain GDPR compliance. If you are not compliant, you may lose business.
Does the GDPR affect all businesses? Will I need to comply?
No. Only if you handle personal data of European citizens that could be used to identify individuals. However, as more and more businesses use larger data sets in their sales and marketing activities, the lines can easily become blurred as to whether you satisfy the requirements for GDPR legislation. Additionally, businesses that operate outside the EU, but collect and hold data on EU citizens, will need to comply with GDPR data privacy regulations.
Uptime Solutions can help you with GDPR compliance through a free consultation
After an initial consultation and examination of your business, we will establish how compliant your data protection systems currently are with the GDPR, and how much more compliant they need to be. We can then offer professional services around ensuring compliance, through a rigorous audit of your internal data protection policy. Our services will ensure that your internal data protection systems will be compliant with GDPR legislation before the May 2018 deadline.
To see if your internal data protection and privacy policies meet the GDPR requirements, contact us today; we can help. Don’t leave it to chance: the potential fines from a data breach massively outweigh any costs incurred from becoming fully GDPR compliant.
As an added benefit, our initial GDPR consultation is completely free of charge!