With the new General Data Protection Regulation coming into effect on the 25th of May 2018, many businesses have a sense of urgency about the new act, as many are not prepared for the changes that will take place. A lot of businesses are even unaware of when the legislation will come into effect.
Why are businesses dreading the introduction of the act?
Many businesses are fearful about the new GDPR act. This is mostly due to the consequences and high fines that result from breaching the act. Fines could be up to 20 million Euros or 4% of the company’s global turnover, whichever figure is higher. These huge sums of money are one of the reasons why businesses, especially small businesses, are worried, as a breach fine could cause small businesses to close down.
Most businesses are not regulation ready:
It is estimated that at the moment very few businesses are compliant. If your business processes or handles any personal data, then it will need to comply with the regulation, and an investment will be needed to hire a data protection officer and to educate staff members in order to become regulation ready.
Businesses that have more than 250 employees will need to hire a Data Protection Officer (DPO) to oversee and monitor internal compliance with the regulation.
However, for smaller businesses with under 250 employees, it is not necessary to hire a DPO, but these companies should consider it to ensure their practices comply with the regulation. Depending on its budget, a smaller company could appoint a current member of staff and have them undergo GDPR training.
It is important to educate all of the company's employees so that they have a full understanding of the regulation and can recognize potential breaches. The risks and consequences of non-compliance should also be highlighted. This training will benefit your company, as your employees will know the importance of being compliant and be more proactive in adhering to the law.
Benefits of the law to companies:
It is not all fear, doom and gloom. The regulation has long-term benefits to businesses and offers opportunities.
In the past, some companies have received bad PR from data security breaches. The regulation will help to increase security against hackers, and this increased safety could help to improve business reputations with customers. It offers the opportunity to build trusting consumer and client relationships when data subjects understand that their personal information is being handled and processed appropriately.
Data subjects are required to give their consent if the data is to be transferred to a third party outside of the EU. This offers greater security and protects the data subjects even further.
The regulation requires companies to inspect and validate personal information and also rectify any previous errors. This will mean the accuracy of personal information stored in databases will be improved.
Further Reading: https://www.amazingsupport.co.uk/cyber-essentials/