Uber’s recent admission that 2.7 million people in the UK were affected by a security breach underlines the fact that even the largest and most technology-oriented businesses can be affected by data issues.
The EU’s General Data Protection Regulation (GDPR) is due to come into force on 25 May 2018, introducing new accountability obligations and stronger rights and restrictions on international data flow.
Businesses that handle data need to start preparing for these new obligations, which include the duty to report any data breaches.
Penalties for infringing the new regulation will be higher than those presently administered. Companies could have to pay up to €20 million or 4% of global turnover, whichever is higher.
For companies looking to understand and prepare for GDPR, the BPMA is running a seminar at Merchandise World, run by data and marketing consultancy DAMM Solutions. Visitors to the show will also be given a free guide to GDPR.
Preparing for GDPR
On 25 May 2018, the biggest changes in data protection for 20 years will become legally enforceable, with the EU General Data Protection Regulation (GDPR) coming into effect.
The GDPR applies to any companies (irrespective of size) that process or handle EU residents’ personally identifiable information (PII).
Action is required now.
- Larger organisations, or those with more complex data systems, will need to employ a designated Data Protection Officer (DPO). Estimates suggest 7,500 of these positions will be created in the UK in the next five years.
- Severe penalties are being put in place:
  - Up to 2% of global revenue for failing to comply with GDPR.
  - Up to 4% of global revenue (or €10 million), whichever is greater, for a data breach.
- Don’t be confused by ‘Brexit’. GDPR commences well before any potential Brexit date.
Source: DAMM Solutions (dammsolutions.co.uk)