The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It applies across all EU member states, including the UK, from 25 May 2018.
The way you, as a business, collect, store and use personal data will be subject to additional scrutiny, and failure to comply with GDPR can result in a substantial fine (up to €20 million or 4% of annual worldwide turnover, whichever is higher), whatever the size of your business.
The Data Protection Act 1998 (the 1998 Act), which GDPR replaces, sets out how businesses and the government can use personal information. It requires that such information is used fairly and lawfully, accurately, safely and securely, and only for specifically stated purposes. The 1998 Act also requires that data is not kept for longer than it is needed and that sensitive information is treated with even greater care, and it gives individuals the right to find out what information is held about them.
GDPR also affects employment contracts, so it is vital to ensure that existing contracts are updated and that any new contracts include privacy policies.
The risk of non-compliance with GDPR
The incidence of cybercrime is increasing. Criminals manage to "hack" into business systems and steal personal data, which they can then use to access customers' bank accounts. GDPR increases the powers of the regulators to impose penalties on those responsible for breaches of personal data.