EU’s General Data Protection Regulation (GDPR) is coming into force soon: this is important if you handle personal data
The GDPR Directive enters into force on 5 May 2016 and EU Member States have to transpose it into their national law by 6 May 2018. What does this mean for the UK? In brief, the existing Data Protection Act (DPA) will be replaced by the EU’s General Data Protection Regulation (GDPR), a framework with greater scope and much tougher punishments for those who fail to comply with the new rules around the storage and handling of personal data.
'Ah... but aren't we leaving the EU?' you may ask. The UK is indeed in the process of uncoupling from the EU; however, the Great Repeal Act means the GDPR is very likely to be converted into British law beyond the leave date, so this does not look like an easy way out. In any case, given the ease with which many SMEs collect personal data, and the ease with which cyber criminals seize that data, the DPA, drawn up in very different times, has long been overdue for an overhaul.
One of the biggest changes and challenges SMEs will face is consent. Under the new regulations, companies must keep a thorough record of how and when an individual gives consent to store and ultimately use their personal data. This is one of many new conditions; by all accounts this is going to be very demanding legislation, and potentially very costly if a fine is imposed for a data breach or misuse.
Of course there is far more to this subject than can be placed here. BT have produced a handy guide which you may want to download called 'Dealing with new EU data-protection regulation'.