GDPR, GDPR, GDPR. The business world and marketeers can’t stop talking about it. Yet many people still don’t understand what it means and, more importantly, how it will affect them and their business.
So what is GDPR?
Three out of four adults do not trust businesses with their personal information. The GDPR aims to give individuals greater control over their personal data.
Technology and the use of data, especially in digital form via the internet, cloud-based services and social media sites, have given the business world unprecedented access to the personal details of users. Things have moved on a lot since European Directive 95/46/EC, from which the Data Protection Act (DPA) 1998 derives and which the GDPR replaces. This may explain why the EU has spent the last four years drawing up the new legislation, which aims to give citizens back control over their personal data and create a harmonised data protection framework across the EU.
But with only 6% of UK marketeers feeling that they fully grasp what the forthcoming EU-wide privacy rules will mean, more communication is clearly needed.
How does it impact your business?
When the new legislation takes effect on 25 May 2018, companies could face significant fines for failing to comply. The maximum fine for a breach of the DPA is £500,000. A breach of the GDPR could result in a maximum fine of €20 million or 4% of total worldwide annual turnover for the preceding financial year, whichever is higher. In 2015, 74% of small and medium businesses reported a security breach, leading to an estimated £908m in fines.
It’s worth noting that fines aren’t the only issue for businesses facing a security breach. Reputational damage, business disruption and loss of revenue are also key risks. The GDPR also introduces a reporting duty: unless a personal data breach is unlikely to result in a risk to individuals, it must be notified to the supervisory authority without undue delay and, where feasible, within 72 hours of the organisation becoming aware of it, which means breach detection and incident response processes need to be in place before the deadline, not after.
Fines are not limited to security breaches. The highest fines that data protection authorities may impose relate to infringements of the GDPR concerning the lawfulness of data processing, data subjects’ rights (including transparency about how individuals’ personal data is used) and international data transfers.
With the increased fines and the expanded scope of the GDPR, which places direct obligations on data processors as well as data controllers, now is the time to review and remediate existing policies, procedures, systems and documents.
It is increasingly important for businesses to evaluate all the risks they face and to include IT security and data protection requirements in their overall contingency strategy. One area to consider is whether your insurance continues to keep pace with the changing environment and legislation.
Not understanding the General Data Protection Regulation will not be a good enough excuse, regardless of the size of your business. Read our infographic for our 12 useful steps to help you prepare for the GDPR.
The information contained in this article is not intended as legal advice, which we are not authorised to provide.
Source: Zywave Regulatory Update