Is your business ready for the new General Data Protection Regulation?

The General Data Protection Regulation (GDPR) is a new set of legal requirements that govern the handling and storage of personal data.

The requirements come into force on 25 May 2018 and affect all EU countries, replacing the existing UK Data Protection Act (DPA).

As the UK is leaving the EU in 2019, can I just ignore GDPR?

No. Even after the UK leaves the EU in 2019, GDPR will continue to apply and will be a legal requirement here in this country.

What’s new?

The new GDPR rules are complex and far-reaching, so it’s best to seek expert legal advice on exactly how they will affect your particular business.

GDPR will significantly affect the way you can collect, store and use data.

It will also require your employees to undertake cybersecurity training and will limit the way you can contact your customers via electronic communications.

In short, that means:

  • You need to obtain explicit consent for personal data to be held – i.e. ‘opt-in’ rather than ‘opt out’
  • Records need to be kept up to date, must not contain personal information that is not strictly necessary and must not be stored for longer than is required for the specified purpose
  • Data must be more securely processed to protect against cyber-attacks
  • Customers now have a ‘right to be forgotten’ – meaning that you must remove their data permanently on request
  • Any breaches must be reported promptly and without delay

What do I need to do?

You need to make sure your business is compliant with the new rules by 25 May 2018. A failure to do so could be very costly, as the maximum fine for a breach of GDPR can be up to 20 million Euros or four per cent of your annual turnover.

Contact the commercial law team at Palmers and we will help make sure your business is up to speed and ready for the new GDPR rules. You can also download our FREE GDPR guide here.
