The General Data Protection Regulation (GDPR) – the new legislation that will determine how businesses handle and process personal data – comes into force on 25 May 2018, leaving organisations that have yet to take action to comply with the European Union (EU) regulation with little time to get their data protection procedures in place.
With just a few months remaining to finalise what is a complicated process for businesses, one IT expert is urging business owners and IT directors to act immediately to prepare for the regulations or face potential dramatic penalties.
The ways in which companies capture, store and use data have changed drastically over recent years and, consequently, the data protection rules set out in the current Data Protection Act 1998 are no longer fit for purpose. The GDPR has been created to address this issue and seeks to modernise the ways in which organisations manage personal data.
Despite being given a two-year period for preparation, numerous reports have shown that many organisations are still unprepared for the implementation of the GDPR. Organisations that are not compliant and breach its requirements could be hit with hefty fines as a result: up to €20 million or four per cent of annual global turnover, whichever is higher.
Brexit has been one area of confusion for businesses, as the UK will no longer be an EU member state. However, the GDPR will still apply to non-EU organisations that do business in the EU and process the personal data of EU data subjects. UK companies with EU business interests will therefore still need to comply with the regulation.
Simon Ahearne, managing director of SA1 Solutions – a Swansea-based IT and communications firm – says that bringing a business into compliance with the new law can be a long-winded and complex process. Unprepared businesses, especially larger organisations, are being encouraged to seek advice immediately or risk being non-compliant and, consequently, facing what could be crippling fines once the law is enforced.
“Although many of the elements of the GDPR are the same as the current Data Protection Act, there are some significant changes that businesses need to be prepared for. There are new rights for people to access information that companies possess about them, for example, and clear consent must be provided for the processing of private data. People will also be able to use their ‘right to be forgotten’, where a company will have to erase the data they have on an individual.
“It is simply not worth ignoring the GDPR with the fines that come with non-compliance. Organisations should get advice and act now to ensure they are up to date with what is required under the new data protection regulations. The GDPR will help businesses in the long run as it means only one set of rules to abide by, and customers will be more confident that their data is stored safely and in line with legal standards.”
A sufficient IT infrastructure is fundamental to any organisation that wants to function efficiently and effectively in the current economic climate.
The UK has recently opened its new National Cyber Security Centre, which is part of a £1.9bn five-year strategy by the UK government to tackle cyber crime.