Businesses Must Still Comply With New European Data Protection Laws or Face Fines
With fewer than half of businesses preparing for new EU data protection laws which come into force in May 2018, data protection experts at Irwin Mitchell are reminding firms that the new legislation will still apply despite Theresa May triggering Article 50 today.
A study by Veritas in December found that fewer than half of firms had begun the process of making their businesses compliant with the upcoming General Data Protection Regulation (GDPR).
With just over a year to go before the deadline, Joanne Bone, who specialises in data protection at the law firm, says businesses that had put their compliance on hold while waiting for the outcome of the EU referendum must take action or face hefty fines.
Expert Opinion
In a recent survey of our clients, they ranked data protection and GDPR compliance as top of their list of concerns ahead of Brexit, yet a worryingly small number of firms seem to be preparing to comply.
Businesses who think that Brexit will mean the new rules don’t apply to them are mistaken as the Government has already indicated they will stick to the reforms after Britain leaves the EU.
It is hard to think of a business today that does not use personal data. Whether you have employee data, customer data or supplier data – if the data relates to an individual you will be caught by the new data protection laws. Even data relating to sole traders and partnerships will be caught.
The GDPR requires businesses to carry out a root and branch review of how they collect and use personal data. Failure to comply can lead to fines of up to €20m or 4% of global turnover, whichever is the greater. Doing nothing is not an option and the sooner you start the better. May 2018 may sound a long way off but the scale of the reforms means that you need to deal with the issues sooner rather than later.
That said, taking a proactive approach to preparing for GDPR compliance will potentially reap benefits. Good data governance can build customer trust. The right permissions can also help you take advantage of Big Data and enable you to commercialise your data.
Joanne Bone - Partner
Some of the key changes to be introduced by the GDPR include:
- Compulsory notification of data breaches;
- Obligations to be more transparent in how you use personal data;
- Increased rights given to individuals to access the data you hold on them;
- The Right to be Forgotten.
Non-compliance can lead to potential fines of up to €20 million or 4% of annual worldwide turnover, whichever is bigger.
Expert Opinion
You need to get your data fit for purpose. Doing nothing is not an option. You need to understand what data you have, how it has been collected and what you do with it. You then need to identify where you have compliance gaps.
Our experienced team of advisors can help you carry out this data “health check”, work with you to identify the gaps and come up with a tailor-made solution for your business to ensure that it is in the best shape possible to be GDPR compliant come the 25 May 2018 deadline.
Joanne Bone - Partner