The guide to GDPR compliance in the UK
What is the GDPR? If you don’t know the answer to this question, you could be leaving your business open to an expensive penalty. Before we look at the costs of failing to comply with the GDPR, let’s break down what it is, why it’s happening and how it will affect the operations of your business.
What Is The GDPR?
The GDPR became law on May 25th, 2018. Business owners had two years to prepare for this event. However, it is fair to say that there are probably many companies on the market that were still not ready for the change in the law.
It is designed to ensure that data protection laws and regulations across all of Europe are the same. This essentially makes it easier for international businesses setting up in the area to remain legally compliant. As well as this, the new laws and regulations, which mark the biggest change to data protection in Europe in over twenty years, are designed to catch up with modern times.
It’s understandable why the government believed the laws needed an overhaul. Data and technology are nothing like they were twenty years ago. Twenty years ago, computers filled rooms. Today, they fit into your pocket. Companies used to struggle to store megabytes of data; now they can keep petabytes of data easily, and the technology continues to evolve.
There has been some debate about how much business owners need to worry about these changes. For her part, the UK’s Information Commissioner, Elizabeth Denham, suggested that the whole situation had been taken out of context. Indeed, she suggested that it was merely a fresh step in the direction of protecting the rights of customers and helping to ensure that their data is protected. Favouring the term “evolution”, she sees it as a natural progression.
Others, however, disagree, and many experts are now ready to help businesses readjust their model and make sure that they remain compliant.
Why Is The Commissioner Of Information Right?
Speaking for UK business owners, Elizabeth Denham does have a point. The Data Protection Act 1998 already exists in the UK and dictates how companies and public authorities use information from clients and customers.
However, the GDPR does change some of the regulations here, and these changes are reflected in the UK through the Data Protection Bill. According to experts, the Data Protection Bill includes everything in the GDPR with some minor alterations.
Differences In The UK
There are two major differences in the version of the GDPR in place for the UK. First, journalists and special groups that gather data for historical purposes are provided with extra levels of protection. Essentially, this is to make sure that those who have good reason to gather data can continue without significant obstruction.
As well as this, in the UK, the rights of children have more protection. The UK government has put more conditions in place to make sure that companies will find it far more difficult to gather and store data on kids, with an increased focus on parental permission.
What Changes Does The GDPR Bring?
The GDPR brings a number of changes for businesses. Chief among the issues to watch out for is that it gives people more control over their data. For instance, you might have gathered data for a specific purpose and gained permission from the individuals affected. If you want to use the data again for a different purpose, you must obtain permission again. If you are unable to gain that permission, the individual’s data must be erased. Consent is a clear and important aspect of the GDPR. The public has also been given new ways to find out what data companies are storing on them.
What Do Business Owners Need To Worry About?
The GDPR does increase the level of accountability that business owners have with regard to personal data. As such, companies are going to need to make sure that they have documents laying out their data protection policies in full to show that they are fully compliant.
It is hoped that this is going to reduce the massive number of data breaches that have been seen at various companies, including many located in the UK. If your business suffers a data breach, under the new law the ICO must be informed within just 72 hours.
Indeed, for many larger businesses, the GDPR will impact their entire business model as well as how many employees do their jobs. As such, if it hasn’t already happened, teams may need to be retrained so that they know the right way to carry out their role while remaining compliant with the GDPR.
Furthermore, if consent is necessary for customers to give their information, then the request for consent must be as clear as possible. In other words, businesses must give customers a choice to opt in to their data being used rather than simply offering an opt-out.
What Are The Costs Of Not Remaining Compliant?
The costs of failing to remain compliant with the regulations set out by the GDPR cannot be taken lightly. According to the official document, failure to abide by the new laws will result in a fine of ten million or 2 percent of the firm’s total global turnover, whichever is greater, so smaller companies won’t necessarily be fined less. This is one of the reasons why new startups must be fully aware of the new regulations.
Preparing A Business For GDPR
The GDPR is already active, but if you are worried that your business is not compliant, there are options. You can find guides online that provide more information on exactly how to readjust your business model. You may also want to employ a data protection officer, whose main role in your business will be to make sure that you are compliant.
As well as this, the ICO is planning to set up a call-in service. This will provide information for small companies on how to achieve GDPR compliance without hiring an expert.