CBscreening

5 things you need to know about GDPR

On May 25th 2018, the Data Protection Act 1998 will be superseded by the EU’s General Data Protection Regulation (GDPR) legislation. Yes, it will still affect your business, regardless of Brexit.

What are the fines associated with GDPR?

This new legislation will enforce tougher fines for non-compliance and data breaches, giving individuals more power over what companies can do with their stored information. Your organisation could be issued with a fine of up to €20 million or 4% of your global annual turnover, whichever is greater, if you are found guilty of any activity which goes against these rules.

 

How will GDPR affect my business?

If you are a controller and processor of the data and are based outside the EU, the GDPR will still apply, as long as you are dealing with data belonging to EU residents.
Any collection of data requires an individual’s consent in an active agreement. Consent can no longer be assumed from a pre-ticked box; you will have to be able to show a clear audit trail of consent. Cookie pop-ups on a website where the visitor simply clicks ‘OK’, and recording client calls for ‘training purposes’, are all classed as data collection. Under the new regulations, companies must keep a record of how and when the individual gives consent to store and use their personal data.

 

How does the legislation affect an individual’s right over their data?

The individual has the right to withdraw the consent they once gave to use their data at any time. If they do withdraw consent, their details must be permanently erased from all systems, and not just deleted from a mailing list.

 

What happens if there is a data breach?

In the event of a data breach, GDPR guidelines state that companies should inform the relevant authorities within 72 hours, giving full details of the breach and proposals for mitigating its effects.

 

How will the new EU Data Protection laws affect UK businesses once we leave the EU?

The new legislation will be enforced while the UK is still in the process of leaving the EU. After the UK leaves, the Great Repeal Act means it is likely to be converted into British law, and businesses will still have to uphold these practices. The UK government and the Information Commissioner’s Office have already reminded UK businesses that they would still be expected to meet the requirements of the European regulation. It can be argued that, with the UK abiding by this legislation post-Brexit, it will help UK businesses remain competitive when dealing with Union-based organisations.

 

We are ready!

Here at Complete Background Screening (CBS) we are already fully compliant with the GDPR legislation. We have ensured that all our systems are compliant and that we have consent for all the client data we hold.

GDPR will come into force on 25th May 2018, at which point the UK will still be a part of the EU. Therefore, businesses will not get away with claiming ignorance. Act today and protect your organisation from being issued with any nasty fines.

CBS are ready for GDPR. Are you? If you would like to speak to a member of our team, you can call us on 01443 799 900 or email us at info@cbscreening.co.uk

 

 

 
