4 Things You Have to Know about GDPR and its Significance for British Businesses
The new EU data regulation laws have been finalised and you’re probably wondering whether they will actually affect your business. The answer is yes: the new law will affect any company, small or large, that does business in the EU.
The change is the government’s attempt to strengthen and regulate data protection policies in order to protect businesses that operate in the cyber space from the cyber attacks that are affecting businesses around the world as you read this. But how will it affect British businesses and what does it mean going forward? We’re going to tell you everything you need to know about the new GDPR law.
1. What Is GDPR?
From May 2018, any business handling the personal data of people residing in the EU will have to strengthen its data protection policies or face a significant fine for non-compliance, or for suffering a data breach without having adequate measures in place. It’s the EU’s way of standardising the approach to data protection, as it makes the rules more or less identical throughout the EU.
2. Why Have They Changed The Law?
The current Data Protection Act of 1998 was enacted in a different technological environment, pre-internet and pre-cloud technology. Most modern businesses rely on the internet, and the internet has created new ways for hackers to exploit data. The new law is the government’s way of countering this. Cyber security is a hot topic in the mainstream media at the moment, with news of inadequate U.S. cyber policies, the threat of foreign cyber invaders and a surge in the number of small businesses attacked making national headlines. As technology evolves, the cyber space becomes more unsafe and businesses all over the world face an increased risk of attack. The new act forces companies to take responsibility for their security protocols and put their clients’ protection first.
3. Will It Still Have An Effect After Brexit?
After Theresa May’s speech, it’s becoming clear that we’re heading towards a hard Brexit and definitely exiting the single market, so you’re probably wondering if the law will still apply when we part ways with the European Union. For businesses that trade in the EU and have an EU-based clientele, yes, your business is required to comply with the new law. Brexit will happen and so will the new law; we can’t avoid either.
4. What Will Your Business Have To Do?
From May 2018, companies must tell their clients why their data is being collected and what it will be used for. The law focuses a lot on consent: customers must now clearly give their permission for their data to be used. They can also withdraw their permission for further use at any point, and it will be illegal for any data to be kept permanently. If your business suffers a breach, it will have to be reported to data protection authorities within 72 hours. If you suffer a large breach, you will have to contact clients directly. Although GDPR won’t be implemented until next year, businesses must act soon if they want to avoid heavy fines. Businesses must evaluate their current security systems against the GDPR standards and invest in a new, stronger and more robust security strategy. By strengthening data protection legislation and introducing tougher enforcement measures, the EU is trying to create a safer cyber space for businesses and their customers. Gaining the trust of consumers will be an important part of survival in the emerging digital economy; complying with these laws will help ensure the longevity of your business. If you have any questions on GDPR, don’t hesitate to contact us.