The new and much more stringent Data Protection regulations coming into force in 2018/19 will change the way companies gather and keep data, going far beyond the scope of the current Data Protection Act.
The EU’s new General Data Protection Regulations (GDPR) will come into force on 25 May 2018. The new Regulations will levy greater fines than ever before, with a game-changing maximum of €20 million or 4% of the company’s global turnover. In addition, individuals will be entitled to claim civil damages as a result of any breaches of the Regulations.
Other changes in your processes that GDPR will require you to make:
Whatever happens with Brexit, all UK companies will have to comply with the GDPR laws as they will come into force before the UK is predicted to leave the EU. The UK will subsequently bring in the new Data Protection Bill (DPB), which will replace the current Data Protection Act.
There will be few differences between the new DPB and GDPR, although the Bill will go further on the right to be forgotten for social media posts made before someone turned 18. It will also be a criminal offence to alter records following a Subject Access Request.