Did you know the current 1998 Data Protection Act (DPA) is due to be replaced in May 2018?
The DPA is being replaced by the new European-wide General Data Protection Regulation (GDPR), which will change how organisations can collect, use and transfer personal data, with far more comprehensive and far-reaching criteria that businesses must adhere to.
Whereas the current DPA only applies to the UK, GDPR will apply to the whole of the EU, and to any global brands who hold data on EU citizens. If your business markets its products to people in the EU or monitors the behaviour of people in the EU, the GDPR will apply to you even if you're based outside the EU. Despite the UK leaving the EU, these new regulations will still apply, so it's essential that UK businesses prepare for the changes in May 2018.
The GDPR has been designed to ensure there is more transparency between businesses who collect and control data and the individuals whose data is being collected and used, by clearly informing the individual what their data will be used for. Companies are only permitted to collect data that is adequate, relevant, and limited to what is necessary for the intended purpose of collection. Data collected by businesses which is deemed unnecessary or excessive will be in breach of the GDPR.
You might think this is an issue for your HR or IT department, but since it is also an issue about the handling and holding of data, it will affect whoever is responsible for the storage, destruction or recycling of equipment that contains data. Organisations need to understand the new regulations and ensure everyone is complying, as there will be hefty financial penalties for businesses that don't. These penalties can be up to 4% of your global annual revenue or up to £20 million (whichever is greater).
Disclaimer: This article post is not legal advice for your company to use in complying with GDPR.