What Will GDPR Mean For Your Business?
6 July 2017
It is now less than a year until one of the biggest upheavals in data protection rules comes into force – the General Data Protection Regulation (GDPR). The regulation will take effect at the end of May next year, and will apply to all organisations operating within the EEA. For now, that includes the UK.
Owing to data breaches such as those at the NHS, Yahoo and TalkTalk, cybersecurity is being ‘stepped up’ at an incredibly quick pace. The question of whether or not we need to hold on to personal data (and how much information about a person it is necessary to store) is at the forefront of all of these changes. As recruiters – and, in fact, any business that keeps client records, no matter how small – this could well see a real change in the way we retain information.
Companies that don’t comply are threatened with a substantial fine for the misuse of data, which can be anything up to €20 million or 4% of annual turnover, depending on the severity of the breach. The new laws are designed to create some form of clarity around the storage of sensitive data, as well as offering increased protection against the threat of another cyberattack.
Whilst Brexit does leave things a little up in the air, the UK government has confirmed that it will insist on compliance up until the point of exit. Following our departure from the EU, the rules will still apply to any business that provides products or services to countries operating within the EU.
The GDPR will require massive amounts of planning and perhaps even restructuring within the businesses affected. Evidence of data processing and a higher standard of data storage are just some of the aspects of the regulation that businesses will need to consider. The smart thing to do (given the May 2018 deadline) is to begin reviewing data protection policies, procedures and practices company-wide and assess what needs to be altered to adhere to the regulation. Being able to justify the types of data you store is essential.
The regulation also states that individuals have the right to see what data is being stored about them and to object to its processing. For the first time ever, individuals can request that companies delete their information from a system. This could cause major shake-ups for many businesses. Whilst customers have always been able to request the information a company has on file, they have never been able to ask for total deletion of their details.
From recruitment agencies to energy companies; from telesales to doctors’ surgeries – all of these organisations will have to think about the safest way to store sensitive information and whether or not all of the details they hold about an individual are necessary.
Compliance will bring with it an increased administrative responsibility, particularly in training staff to notice a data breach and respond to it appropriately. However, the severe financial and reputational repercussions that will come with not adhering to the GDPR will be significantly worse.
Written By Mary Palmer