The GDPR (General Data Protection Regulation) comes into effect next month, following four years of preparation and debate; the GDPR was approved in April 2016. The regulation means that companies that collect data on citizens in European Union (EU) countries will need to comply with the new rules protecting customer data by 25 May 2018.
With the introduction of the GDPR, there are significant changes and requirements that could directly impact your organisation and its day-to-day responsibility for data protection (an area we are frequently asked to advise on). This is why we have put together a week-by-week guide to assist your business in the final stages of preparation for the GDPR.
Why GDPR?
There are two main driving forces behind the GDPR: the first is that the European Union wants to give people more control over how their personal data is used, and consequently there are tougher fines for non-compliance and breaches. The second is the European Union’s desire to give businesses a simpler, clearer legal environment in which to operate and one that is identical across the single market.
4 Weeks To Go:
- You should make sure that key people in your organisation are aware that the law is changing with the GDPR. They need to appreciate the impact this is likely to have.
- You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
3 Weeks To Go:
- You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
2 Weeks To Go:
- You should review how you seek, record and manage consent. Consider whether you need to make any changes. Existing consents should be refreshed now if they do not meet the GDPR standard.
- You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
1 Week To Go:
- GDPR is now just one week away! You should be prepared and compliant for the regulation coming into effect on 25 May 2018.
The Consequences of a GDPR Breach
Failing to comply with the GDPR may result in severe consequences. You may be fined:
1) Up to €10 million or 2% of your global annual turnover, whichever is greater.
2) Up to €20 million or 4% of annual turnover, whichever is greater.
If you have any concerns over the GDPR or would like some advice or guidance over the security of your data, don’t hesitate to pick up the phone and give us a call. We are always happy to help.