With less than half of businesses preparing for new EU data protection laws, which come into force
in May 2018, businesses are reminded that the new legislation will still apply despite the
preparations for Brexit.
A study by Veritas in December 2016 found that fewer than half of businesses had begun the
process of making themselves compliant with the upcoming General Data Protection
Regulation (GDPR).
With a year to go before the deadline, data protection specialist Joanne Bone says businesses that
had put their compliance on hold while waiting for the outcome of the EU referendum must take
action or face hefty fines.
“In a survey last year our clients ranked data protection and GDPR compliance as top
of their list of concerns ahead of Brexit, yet a worryingly small number of firms seem to be
preparing to comply.”
Businesses that think Brexit will mean the new rules don’t apply to them are mistaken, as the
Government has already indicated it will stick to the reforms after Britain leaves the EU.
It is hard to think of a business today that does not use personal data. Whether you have
employee data, customer data or supplier data – if the data relates to an individual you will be
caught by the new data protection laws. Even data relating to sole traders and partnerships will be
caught.
The GDPR requires businesses to carry out a root and branch review of how they collect and
use personal data. Failure to comply can lead to fines of up to €20m or 4% of global turnover -
whichever is the greater. Doing nothing is not an option and the sooner you start the better. May
2018 may sound a long way off but the scale of the reforms means that you need to deal with the
issues sooner rather than later.
That said, taking a proactive approach to preparing for GDPR compliance will potentially reap
benefits. Good data governance can build customer trust. The right permissions can also help you
take advantage of Big Data and enable you to commercialise your data.
Some of the key changes to be introduced by the GDPR include:
- Compulsory notification of data breaches
- Obligations to be more transparent in how you use personal data
- Increased rights given to individuals to access the data you hold on them
- The right to be forgotten.
You need to get your data fit for purpose. Doing nothing is not an option. You need to understand
what data you have, how it has been collected and what you do with it. You then need to identify
where you have compliance gaps.
Our experienced team of advisors can help you carry out this data “health check”, work with you
to identify the gaps and come up with a tailor-made solution for your business to ensure that it is
in the best shape possible to be GDPR compliant come the 25 May 2018 deadline.
GDPR is a marathon, not a sprint
You can find out more about GDPR and the fines that may be incurred if your business is not
compliant at irwinmitchell.com/gdpr-2018
Published: 16 May 2017
Focus on Manufacturing - Edition 5