There has been a lot of speculation about how the new EU General Data Protection Regulation (GDPR) will affect businesses. What is certain is that any organisation that processes the personal data of EU residents will have to be compliant or risk not only substantial fines from the Information Commissioner’s Office (ICO), the UK’s supervisory authority, but also claims for civil damages from the individuals affected.
For us as individuals, the GDPR will be beneficial. Companies will have to make it clear exactly what we are agreeing to when we tick a ‘further information’ or mailing list box; pre-ticked boxes will become a thing of the past, so companies will no longer be able to bamboozle us into signing up for information; and it will become a lot easier to unsubscribe, and stay unsubscribed, from company alerts.
We will also have the right to have our personal data erased under the new rules, more commonly referred to as the ‘right to be forgotten’ (the right to erasure).
In reality, more rights for individuals will create greater headaches for organisations. In order to avoid large fines, as businesses we will have to make sure that we are clear and unambiguous about what we are asking customers and clients to sign up for, and that consent is given by a clear affirmative action; a ‘double opt-in’, in which the subscriber confirms by email that they are happy to receive the information, is the usual way of evidencing this.
The Regulation will also require that it is as easy to opt out of a mailing list as it is to opt in, that personal data is kept no longer than necessary and is reviewed and deleted on a regular basis, and that personal data breaches likely to result in a risk to individuals are reported to the ICO within 72 hours of the organisation becoming aware of them. Organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of sensitive (‘special category’) data, as well as public authorities, will also be required to appoint a Data Protection Officer.
With fines of up to €20m or 4% of global annual turnover, whichever is the greater, and the additional risk of civil damages a real possibility, it is vital that your company understands and is compliant with both the GDPR and the UK’s forthcoming Data Protection Bill. Our experts can help you with GDPR compliance through:
We also run Breakfast Briefings on the GDPR and data protection in Hertfordshire throughout the year. Please check our Events section for the date of the next GDPR seminar.