In May 2018 the EU’s General Data Protection Regulation, known colloquially as GDPR, will officially come into force in the UK. The new rules are designed to bring data protection law up to speed with advances in technology and will give people more control over their personal data. With firms facing fines of up to €20m for non-compliance, it’s important to get a handle on the facts.
The primary aim of GDPR is to unify data protection across the EU. The regulations will give individuals more say over what happens to their data – including, within certain parameters, the “right to be forgotten” – and will actually change the definition of what constitutes “personal data” in the process. For example, IP addresses will now be considered personal data, so any company that wishes to sell this information on to a third party must now seek your consent. In fact, if a firm intends to collect personal data of any type, it must always secure consent and state explicitly how it intends to use the data. If called upon, companies must be able to prove unequivocally that consent has been given.
GDPR will make it easier for companies to comply with data protection laws when doing business across borders. However, the new rules also put the onus on firms – particularly those defined as “data controllers” and “data processors” – to ramp up their cyber security measures. Firms that fail to encrypt the data they store could be fined for non-compliance, so we are likely to see a boom in IT firms offering cutting-edge new encryption solutions any day now.
The Brexit Factor
With Brexit on the horizon, you could be forgiven for thinking that none of the above will actually affect your business. However, although GDPR will no longer apply directly to UK businesses once the UK has left the European Union, the government’s new data protection bill will. The new bill, introduced to the House of Lords on 13th September 2017, closely mirrors the terms of GDPR, so UK businesses will essentially be beholden to the same rules post-Brexit. There is no get-out clause or “Brexit Factor” which will exempt you from complying. Indeed, the proposed fines for non-compliance with the UK bill are similarly hefty, with businesses facing penalties of up to £17m (or 4 percent of their turnover) in the event of a breach. All in all, it’s worth familiarising yourself with the bill and putting plans in place to ensure you’re up to speed.
If you have concerns about how the GDPR regulations will affect your business, particularly on the recruitment side, call Frontline today – our experts will be more than happy to help.