General data protection regulation: are you ready?

GDPR is something of a four-letter word for many business owners at the moment. The acronym, short for the General Data Protection Regulation, is causing a headache for many businesses as they come under pressure to conform to new rules on data handling and protection. 

The new regulation, which comes into effect in May next year, marks the first major overhaul of data protection regulations in the UK for almost two decades.

And the GDPR is not only creating problems for businesses. In an interview with the Financial Times this week, the government's information commissioner, Elizabeth Denham, who is responsible for implementing GDPR, said she needs “fair pay” and more staff to advise businesses on the new rules and police the regulation once it comes into force. She stated other organisations had been poaching her data regulation experts because her department can't compete on pay.

Firms are under pressure to adapt their processes to meet the new regulation on data management and ownership, including collecting and processing it fairly, lawfully and in a transparent manner. 

“Businesses have got used to data protection compliance being a box-ticking exercise. GDPR reintroduces a form of privacy and personal control over data,” says Gilbert Doull, an expert in data protection at Mentor.

“All businesses have more data than ever. And these new rules are more comprehensive than any rules they've ever faced. Employee data, customer data and mailing lists are all part of this. We recommend customers undertake a thorough audit of all their data and work from there. Organisations must look at what they told people when they collected that data and how it's being used.”

Fines for non-compliance are set to increase, up to a maximum of €20m or 4% of global turnover (whichever is the greater amount), although Denham told the FT that fines alone weren't enough of a stick. She said there would also be major reputational risks for businesses that fall foul of the new rules. 

Mentor is running a webinar on GDPR on 12 October. The regulations come in to force on the 25 may 2018.


Want to find out more?

I would like to be contacted