The EU’s General Data Protection Regulation will be implemented in 2018, despite Brexit
The simplicity of the name should not disguise the impact. The General Data Protection Regulation (GDPR) comes into law across EU member states from May 2018 and is set to profoundly alter the way SMEs manage and structure their customer and employee data. Non-compliance is not an option.
The main surprise to small business owners may be the vastly increased level of fines for non-compliance. Fines will be up to 4% of annual turnover or €20m, whichever is greater.
GDPR delineates the roles and responsibilities of controllers and processors, with joint liability for data-protection breaches.
Any small business that processes data for a client firm may have to demonstrate they have appropriate data-processing controls in place and they comply with the GDPR.
Companies are advised to think long and hard before they start handing over customer data. Consumers are going to be given beefed-up, world-leading digital rights. Data is power and the European Union wants to give consumers access to that power.
This means consumers have to consent to the use of their data. They can withdraw that consent or request to see the data that companies have on them.
While there may be some people who are labouring under the assumption that Brexit means the implications of the directive will be mitigated, this is unrealistic.
The truth is that the UK is likely to adopt the directive. Britain’s exit may take time and in any case it legally remains a member until March 2019. Small businesses need to start making preparations for the introduction of the GDPR.
Some changes will be speedy and procedural but others may require alterations to infrastructure, which can be both timely and costly.
It is recommended that you conduct a gap analysis to assess any privacy risks associated with business processes and activities.
Business leaders should also involve their IT team early as compliance may simply mean tweaking databases; for other factors, the shift could be more significant.
Finally, do not panic, but do act. After all, there is now less than a year left until the effects hit.
If you are still unsure, Heartbeat HR Ltd has prepared a 12 point guide. Contact us if you would like a copy.
This month
We are offering a one off free of charge review of your Contracts of Employment.
