In May 2018 Europe’s data protection guidelines are undergoing their biggest change in decades, threatening huge fines for businesses that don’t comply.
In an age when more and more businesses rely on websites, personal and anonymised data, cloud storage and social media, the GDPR, or General Data Protection Regulation, provides a new framework for how businesses and public sector organisations should handle customer information, while giving greater protection and enhanced rights to individuals.
Under the GDPR, any data breach – destruction, loss, alteration or unauthorised disclosure – must be reported to the ICO (Information Commissioner’s Office) if it could have a detrimental impact on the individuals whose data it is, such as financial loss or damage to reputation.
To back this up, the GDPR comes with a new fines regime. The ICO now has the power to impose fines that are much bigger than the £500,000 limit the Data Protection Act allowed. Companies may face fines of 4% of turnover, up to a maximum of £17m.
It’s not a case of opting in or out; it’s a stark case of comply or face the consequences.
The UK’s information commissioner, Elizabeth Denham, says for businesses the GDPR represents a “step change” from previous laws. Denham stresses that the new legislation should work to create a culture of privacy within an organisation. “It creates an onus on companies to understand the risks that they create for others, and to mitigate those risks.”
It’s not surprising that GDPR compliance seems a huge, complicated burden, but the truth is that it’s not something to be frightened of. Most self-styled GDPR expert service providers market their services through high-profile scare tactics, but in truth this is a great opportunity to secure the online tools that are ubiquitous in business today.