GDPR Explained – How it impacts on your business
Is your business ready for GDPR?
In May 2018, the new General Data Protection Regulation comes into force and will change the way businesses have to look after personal data.
These regulations impact on every business that processes the personal data of EU citizens, and the UK government has confirmed we’ll be using the same guidelines after Brexit. Fail to comply with the new legislation, or suffer a breach that leads to the theft of personal data, and your business could face heavy fines and serious reputational damage.
With the introduction of GDPR looming, we take a look at the new regulations, examining what they are, whether they impact on your business, and what you need to do to stay compliant.
What is GDPR?
The General Data Protection Regulation (GDPR) is a new set of rules that will replace the current Data Protection Act.
With cybercrime on the rise, and more personal data being collected and used than ever before, it’s designed to help protect individuals and give them greater control over how this personal data is used by organisations.
It introduces 8 new rights for individuals:
What are the responsibilities for businesses?
The regulations set out the requirements for businesses in terms of how they collect, process, store and use personal data:
Ultimately, it is about treating personal data with care, using it only for the purposes it was intended for, and taking all the steps possible to protect the data from falling into the wrong hands. Businesses will need to create and implement an effective GDPR plan, and be able to demonstrate they are adhering to the new regulations.
Additional information about responsibilities relating to GDPR, what your business needs to do and implementing an effective GDPR strategy can be found on the dedicated website - https://www.eugdpr.org/.
Who does GDPR apply to?
GDPR applies to any business that collects or processes the personal data of EU citizens – this includes both employees and customers. The government has already agreed that the UK’s new data protection rules will remain GDPR compliant after Brexit.
GDPR also applies to data you already have, and not just the new data you collect. Simply put, if you collect or hold personal data in any form – it applies to your business!
What are the penalties for non-compliance?
GDPR places heavy responsibilities on employers, and failure to comply with the new legislation could lead to heavy fines of up to 4% of global turnover, or a flat fine of up to €20M – whichever is higher.
However, these are worst case scenarios, and companies should not be unduly worried – as long as they take their responsibilities seriously.
Data Compliance at Prestige
At Prestige, we take data protection seriously, and have already begun to implement a robust GDPR plan.
Whether you are a candidate or a client, we will look after your data, keeping it safe and using it only in the manner you want us to. For additional information about our GDPR plan or how we use your data, please get in touch with your local office today.