You can prepare for the forthcoming European data protection legislation but you should also be prepared to survive a data breach writes Charlotte Bell from our partners Endsleigh.
On the 25th May 2018, The EU General Data Protection Regulation (GDPR) comes into force, and will be implemented in the UK via the government’s new Data Protection Bill.
Although the key principles of data privacy still hold true, the laws around holding or processing customer data are about to become more stringent, with larger fines attached and a wider definition of customer data. Most importantly, the new legislation gives individuals more rights when it comes to the use of their personal data.
GDPR applies to customer data, but it also applies to employees, business partners and visitors – anyone from whom personal data is obtained at any stage.
The definition of personal data has also now been widened to include any information relating to an identifiable natural person who can be identified directly or indirectly by an identifier– this could include anything from a name and email address, location data, all the way through to posts on social networking websites. You can see just how far reaching these changes will be.
Fines for breaches of GDPR are significantly higher than the existing penalties. For a breach, a firm can be fined up to €20,000,000, or up to 4% of the annual worldwide group turnover of the preceding financial year – whichever is greater.
In addition, GDPR requires that organisations must report breaches to the Information Commissioner’s Office within 72 hours of becoming aware of the breach. This is extremely challenging and will require organisations to identify, review and report breaches under intense time pressure.
Unfortunately, with increased usage of the online space and social media, data breaches are becoming increasingly common – so it’s important to consider how you would react rapidly to enable business continuity, and protect your business against reputational damage.
For more information on how you can protect yourself in the event of a data breach click here.