The current Data Protection Act was enacted into UK law on 16th July 1998.
How many of us remember what the world was like in 1998? Sergey and Larry were running Google out of a friend’s garage in Menlo Park, CA, Mark Zuckerberg was still in junior high, the term Wi-Fi didn’t exist and most of us still regarded email as a piece of new-fangled technology that would never replace the faithful fax machine.
Oh how times have changed.
But the regulations haven’t. Until now, that is.
The General Data Protection Regulation, which comes into force on 25th May 2018, replaces the antiquated 1998 Data Protection Act and brings the protections provided to citizens into line with the technology advances of the past 20 years. It also unifies the protections for all citizens of EU member states – including the UK.
Under the terms of the new regulation, organisations must be able to demonstrate a lawful basis for processing personal data.
Individuals have a right to know:
· What personal data an organisation is holding on them.
· What that data is used for.
· How long that data will be kept.
And, when an individual asks for it, organisations must provide that data without delay, or at the most within 1 month of receiving the request, and cannot charge a fee for providing it.
Individuals also have a right to be forgotten (except in cases where there is a lawful basis for an organisation to continue holding onto their personal data – such as in an employment contract, for example) and organisations are required to be able to prove that they have deleted personal information.
Organisations are also required to report any breach of their data systems to the Information Commissioner’s Office (the UK regulatory body) within 72 hours of that breach occurring.
Any failure to comply with the regulations could result in heavy fines and, possibly more concerning, reputational damage to the transgressor.
All of this is great for us European citizens. From May 25th, we will have the strongest protections available anywhere in the world. However, many business owners are concerned about the implications of the regulation – and rightly so. The penalties for infringement are far more severe than in the previous Act and the responsibilities placed on owners to achieve compliance prior to the May 25th deadline are demanding.
At Business Doctors we’ve worked hard to demystify GDPR. We have developed a workshop programme that is designed to practically guide business owners through their obligations under GDPR and provide them with the tools to begin their journey towards compliance.
I will be holding my next GDPR workshop in Richmond on March 14th. Tickets cost £300 each. Click here to reserve your space. Places are limited, so please book in early to avoid disappointment.
If you have any questions about GDPR or would like to find out more about Business Doctors and the support we offer to SMEs, please email me at firstname.lastname@example.org
#GDPR #BusinessSupport #SME