She’ll Be Coming Round The Mountain When She Comes…

GDPR, or General Data Protection Regulation if you want to be fancy, is a new set of rules set by the European Commission to govern all of our personal data, to make sure that it is as private and secure as possible. Due to be implemented on the 25th May 2018, this is to replace the outdated Data Protection Directive and intends to give citizens control over their personal data. Yes the focus is initially on the average Joe having more control of their data; being able to get businesses to delete their unnecessary personal data. However there will be implications for any company who holds data of an EU citizen.

We all know that data breaches are becoming more common, not just the big boys of the world (Yahoo, LinkedIn) but smaller companies are getting breached. In my view, the smaller companies are probably an easier target, their infrastructure will not be as robust, their security measures won’t be advanced and it could be a quick win for hacking groups to target. One of the biggest changes within the law is the cost for companies who don’t comply. It can cost up to 4% of a company’s global turnover or €20 million, depending on which is greater. The threat is there to make sure that companies change the way that they deal with their data.

Recently, the Information Commissioner’s Office in the UK set up some guidelines to help businesses prepare for GDPR. The recommendations share quite a few of the same principles and concepts of the current Data Protection Act, so the majority of companies following this legislation should be covered when the changes kick in, however the majority of predictions show that companies will go on recruitment drives for Data Protection Officers.

This is a very brief overview, it’s just to highlight the changes that will take effect and to show that really, there’s not much difference to the Data Protection Act, just a much larger fine if a company doesn’t comply. What other challenges do you think there would be when this change kicks in next year? What, if anything, will you be changing in your business structure to make sure that you comply? If you think this won’t apply to your company, you are probably wrong if you hold any customer data from companies in the EU. Brexit won’t save you, hiding with your head in the sand and ignoring the changes definitely won’t save you, read up on the regulations and if you need help, feel free to get in touch. I’m not a GDPR expert, but I know people who are…