UK to bring new Data Protection Bill to Parliament in 2017 which adopts GDPR
A major overhaul of EU privacy rules could make the confusing world of online monitoring a thing of the past as businesses become more transparent about the way they use your personal information as well as how and to whom it is passed.
With a stronger emphasis on e-Privacy, a raft of tough new data protection regulations are set to be brought in next May, and failing to be ready could leave businesses facing reputation damage and even multi-million-pound fines.
What does GDPR do?
The EU’s General Data Protection Regulation (GDPR) gives people more control over how their personal data is used as well as how businesses can store and use that information. It takes on much of the approach laid out under the Data Protection Act (DPA) 1998, but converts it for a more digital age.
Despite Brexit plans, every UK business that operates in the EU or offers goods and services across Europe will need to abide by the new regulation, which comes into force on May 25th, 2018. In addition, the UK is in the process of adopting it into statute in September 2017 with little variation from the EU regulation.
Failing to adhere to this could leave a business facing huge fines stretching into the billions of pounds. And a major cash hit is not the only implication facing businesses – damage to a reputation could be the difference between a business thriving or failing. Global internet giant Yahoo’s massive data breach in 2014 is said to have impacted on a takeover deal of the firm after data including names, email addresses, phone numbers and encrypted passwords of ‘at least’ 500 million user accounts were affected.
Much to be done
With such far-reaching privacy consequences ahead, more needs to be done by businesses to ready themselves for the changes.
The Government, via the Information Commissioner's Office (ICO), is working to explain and introduce GDPR, as it seems that awareness of the new regulation is still poor. In fact, it is estimated that half of organisations have no plan for GDPR.
With compliance with the GDPR the responsibility of each individual business, it is essential that a cohesive plan is in place, especially as a breach of the new privacy rules could leave companies at risk of penalties of up to £17 million (€20 million).