The General Data Protection Regulation (GDPR) comes into effect across Europe in May 2018 and will apply to the UK despite Brexit. As this is a ‘regulation’ rather than a ‘directive’ it is binding and effectively forms part of UK law as soon as it comes into force.
GDPR will apply to every organisation in the EU and any organization holding data that belongs to an EU citizen.
GDPR will require many businesses to appoint a Data Protection Officer (DPO) to achieve compliance but regardless of whether the regulation obliges you to appoint a DPO you must ensure that your business has sufficient staff and skills to discharge your GDPR obligations.
What should you do now?
These new regulations will present a major challenge to small-to-medium size businesses who might not either be aware of their obligations or have the resources in place to implement changes.
Much has been said about the fines, up to 4% of annual global turnover or 20 million, but there are also many benefits for organisations that ‘get it right’, in particular building customer trust and demonstrating transparency.
The GDPR is the biggest change in data protection ever to occur in the UK and will require major changes in the way both large and small companies work.
We are running a series of events with expert speakers providing information, insight and advice to help organisations understand their obligations and the opportunities.
Our first event has already sold out and there are limited places left at our next event.
Click here to find out more.
Ignoring the regulation until it's too late could be a costly mistake.