With just one year to go until the May 25 2018 deadline for the new EU General Data Protection Regulation (GDPR), firms must prepare now to ensure compliance and avoid fines of as much as €20m, or 4 per cent of annual revenue.
Described as the most important change in data privacy in 20 years, GDPR aims to create a standardised framework governing the way organisations handle data and to empower clients to make informed decisions about the data those organisations hold.
Unlike previous legislation, GDPR gives the individual increased power over his or her data, and firms can no longer assume consent for collecting and processing that data. In addition, the definition of personal data has been expanded from names and addresses to include all data that can ‘single out’ an individual, such as IP addresses and internet aliases.
GDPR applies to all companies handling data relating to EU citizens and firms must comply regardless of their location.
“With the prolific rise in the use of data in today’s society, GDPR will have a massive impact on firms all over the world,” says Brickendon CEO Christopher Burke. “Companies that handle client data now have clearly defined obligations and failure to comply could lead to hefty fines and possible lawsuits.
“The key is to act now and ensure you know what areas of your business will be affected, what changes need to be made and how you are going to facilitate those changes. Careful consideration at this stage will avoid the need for costly changes and the possibility of reputational damage at a later stage.”
With several media reports suggesting that many firms will miss the GDPR deadline of May 2018, Brickendon is urging companies to think ahead and ensure they are asking the right questions: What data do we need? Why do we need it? How long will we need it for? And who will process it for us?
Record keeping and logging should be made a top priority in order to facilitate a quick handover of information to the regulator should the need arise, and all terms and conditions, consent forms and privacy notices should be clear to ensure adequate consent is received for data usage.
Ultimately, the final impact of the new legislation will not be seen for a while, but the importance of planning should never be underestimated.
“Firms will need to embed a mindset where data privacy is at the heart of the company’s culture and not seen as a regulatory-imposed burden that slows down the business,” says Burke. “In today’s business environment where reputation matters, getting it right first time will be key.”
Brickendon’s data specialists are well placed to help address all your data issues, and help you meet the GDPR deadline. To find out more click on www.brickendon.com