Week 1 - Topic of Interest
On the 25th of May this year, the Data Protection Act in the UK will be replaced by the General Data Protection Regulation (GDPR), an EU wide regulation that aims to normalise all of the existing data protection type laws across the EU member states, and provide a lot more protection for data subjects, i.e. people who sign up to things and agree to hand over their data for companies to process.
The two biggest differences between the old DPA and the new GDPR are a) the penalties for breaching the law will be much more severe - a fine of up to 4% of worldwide global turnover or €20m (whichever is greater) and b) the rules will apply to any country, worldwide, who holds or processes data pertaining to any citizen of the EU.
Now I have actually come across some people with UK-based small businesses, who don't seem to think that the GDPR is going to apply to them. The reasoning for this seems to be that almost two years ago, on 23 June 2016, the public voted in a referendum for the UK to leave the EU. Despite this vote, and the date for our exit being set for sometime after March 2019, we will still be bound by the GDPR.
Small businesses and charities will have a lot of work to do to ensure that they are compliant. This useful checklist has been supplied by AFL Insurance (www.aflib.com).
There are many excellent guides and downloads on the internet to help business owners and charity administrators become fully compliant, so there really is no excuse. This link helps to explain it all - https://www.theregister.co.uk/2017/09/26/small_businesses_gdpr_affects_you_too/
In practice, this means that many small business owners and charity administrators will have to be a lot more organised and timeous about record keeping; some may even have to consider appointing a Data Protection Officer (who can be an external contractor). And cloud storage providers such as Google and Dropbox will not be exempt - if they qualify as data processors under the new regulation, they will have their own set of responsibilities!
On the 25th of May this year, the Data Protection Act in the UK will be replaced by the General Data Protection Regulation (GDPR), an EU wide regulation that aims to normalise all of the existing data protection type laws across the EU member states, and provide a lot more protection for data subjects, i.e. people who sign up to things and agree to hand over their data for companies to process.
The two biggest differences between the old DPA and the new GDPR are a) the penalties for breaching the law will be much more severe - a fine of up to 4% of worldwide global turnover or €20m (whichever is greater) and b) the rules will apply to any country, worldwide, who holds or processes data pertaining to any citizen of the EU.
Now I have actually come across some people with UK-based small businesses, who don't seem to think that the GDPR is going to apply to them. The reasoning for this seems to be that almost two years ago, on 23 June 2016, the public voted in a referendum for the UK to leave the EU. Despite this vote, and the date for our exit being set for sometime after March 2019, we will still be bound by the GDPR.
Small businesses and charities will have a lot of work to do to ensure that they are compliant. This useful checklist has been supplied by AFL Insurance (www.aflib.com).
In practice, this means that many small business owners and charity administrators will have to be a lot more organised and timeous about record keeping; some may even have to consider appointing a Data Protection Officer (who can be an external contractor). And cloud storage providers such as Google and Dropbox will not be exempt - if they qualify as data processors under the new regulation, they will have their own set of responsibilities!
Comments
Post a Comment