In 1998, the Data Protection Act (DPA) was introduced by Parliament to control the way information is handled and to give legal rights to people who have information stored about them. At the time, it was generally only large corporate firms that had the facilities to collect and store large amounts of data on individuals, but as time has progressed, small and medium-sized enterprises (SMEs) have also become able to collect and store the personal details of thousands of prospects. The data collected is then used for a whole host of purposes, from marketing and sales to maintaining client information.
However, as the digital world has evolved and the internet has become far more sophisticated, so have cyber criminals, who have the knowledge and ability to target companies and individuals anonymously from anywhere in the world. These criminals realise that SMEs are easier targets than larger firms, because their cyber security may not be mature or, worse still, they may have no security measures in place at all.
Due to the increased likelihood of cyber-attacks and the potential threat to SMEs and the millions of records they hold on individuals, a new regulation has been introduced. From 25 May 2018, the DPA will be replaced by the EU's General Data Protection Regulation (GDPR), which aims to strengthen and unify data protection for all individuals within the European Union (EU).
The GDPR will come into force as the UK leaves the EU, but it is likely that the UK will introduce its own data protection regulations that adopt similar principles.
You will need to ensure your data processes comply with GDPR if:
- You trade with or process the personal data of EU residents, as you will be required by law to follow the new regulations.
- Your company DOES NOT directly trade with or collect data from individuals in the EU.
What do you need to do?
- Check what systems and processes you already have in place, including how your data is currently stored.
- Check your company's confidentiality policies, ensuring they are accurate and easy to understand.
- Check that your privacy policies meet the guidelines of GDPR.
If your privacy policies do not meet the regulations, the Information Commissioner's Office (ICO) can issue fines of up to 4% of your global turnover for data breaches.
The GDPR has been put in place to highlight data protection best practice and to protect individuals' personal information, so the advice for any company is to be prepared, especially before the UK introduces similar legislation.
If you are unsure whether your current policies meet the requirements of the new regulations, we recommend seeking advice from an approved, accredited GDPR provider, who will review your existing processes and make recommendations for both your manual and computerised systems.