With only 7 weeks to go, you’ve probably already heard about the General Data Protection Regulation (GDPR), which comes into force this May. The new rules will make significant changes to data protection in Europe and the wider world – but what will they mean for you and your business?
What is the GDPR?
The GDPR is an EU law that standardises data protection across Europe. In the UK, it replaces the Data Protection Act 1998.
It builds on previous legislation, but places greater obligations on organisations that handle personal data.
When does it come into effect?
The GDPR will come into force from Friday 25 May 2018.
What’s changing?
Some of the key changes include:
The rules apply more widely
Unlike older legislation, the GDPR applies to all organisations that process the personal data of individuals in the EU.
This includes organisations established outside the EU, not only those within it, where they offer goods or services to people in the EU or monitor their behaviour.
Stricter penalties for non-compliance
Fines can be as high as €20 million or 4% of your company’s annual worldwide turnover – whichever is higher.
This maximum applies to the most serious violations; penalties are tiered according to the type of infringement, and in the UK they are set at the discretion of the Information Commissioner’s Office (ICO).
The ICO has emphasised that fines will be necessary, proportionate, and only issued as a last resort.
Higher standard for consent
The regulation clarifies what counts as a user’s consent to an organisation using their data.
Consent must be requested in clear and plain language, and pre-ticked opt-in boxes no longer count.
It must also be as easy for users to withdraw consent at any time as it was to give it.
More rights for people giving their data
The GDPR will introduce several new rights for people whose data is being processed.
This includes the right to:
- access their own data and be told how it is being used
- have their data erased
- be notified of data breaches that are likely to put them at high risk.
Some organisations will also need to appoint a data protection officer, but this depends on the scale or sensitivity of the data they process.
How will it affect businesses?
It’s true that businesses will be held more accountable under the new rules, but they’ll also benefit from implementing better data protection.
With a stronger focus on how they handle data, businesses should be able to keep this information more secure against threats of cybercrime.
Narrowing down their mailing lists also means businesses will be able to send useful information to the people who have shown their interest in it, providing a more valuable and targeted service.
Further advice
If you have any questions about preparing your small business for the GDPR, you can call the ICO advice line at 0303 123 1113.
While we do not provide specific advice on the GDPR, we’re happy to help with a range of other issues relating to your business.
©2024 Warr & Co Chartered Accountants. Warr & Co Chartered Accountants is a member of The Institute of Chartered Accountants in England & Wales (ICAEW). Whilst the information detailed here is updated regularly to ensure it remains factually correct, it does not in any way constitute specific advice and no responsibility shall be accepted for any actions taken directly as a consequence of reading it. If you would like to discuss any of the points raised and / or engage our services in providing advice specific to your personal circumstances, please feel free to contact any one of the partners or consultants on 0161 477 6789 or contact us via our website forms. A full list of our directors is available at our registered office. Warr & Co Chartered Accountants are registered to carry out audit work in the UK; our audit registration number is C002961684. For more information please visit www.auditregister.org.uk.