As an independent law firm trading for over 35 years, berg has seen the rise of business in a digital age and the emergence of the Digital Single Market. With this in mind, the European Commission’s EU Data Protection Reform, put forward in 2012 and later agreed in 2015, presents UK businesses with a modern data protection framework in harmony with the rest of Europe.
However, will political uncertainty as a result of the EU Referendum throw a spanner in the works when it comes to compliance?
Here are some answers to the key GDPR questions:
What is the GDPR?
The GDPR is a new regulation that moves on from the European Union’s Data Protection Directive, which regulated the progression of data within the EU. The Directive was enacted into the law of England and Wales under the Data Protection Act 1998. The new GDPR is a step forward in that it will be directly applicable to member states without the need for national implementing legislation.
Does Brexit affect British compliance?
The GDPR was adopted on 27 April 2016. It enters into application on 25 May 2018, giving businesses a two-year window to prepare to comply with the new regulations. The UK’s vote to leave the EU does not necessarily exclude British businesses from the regulations when conducting business with other businesses within the European Union.
What are the benefits?
Regulation should offer businesses consistent guidance in order to avoid any wrongful actions resulting in a breach.
Businesses today, across the board, are increasingly dependent on data and this brings with it a wider management issue in terms of where the data is stored, who has access to it and how it is used.
Under the GDPR, businesses with more than 249 employees are required to employ a Data Protection Officer for the processing of data. There is an argument, however, that this role ought to apply to smaller companies also, offering a consistent approach to the handling of personal data and therefore bridging the gap between various business functions.
How to prepare for GDPR?
Businesses intending to trade with members of the EU post May 2018 should start familiarising themselves with the GDPR and make relevant policy changes as soon as possible to get ahead of the curve, rather than waiting until the change is forced upon them later down the line.
An obvious yet simple start would be to conduct a data audit, purging any dated and unrequired data and limiting access to those who require it in order to carry out their function.
Failure to comply with the GDPR after the two-year transition period could result in sanctions being imposed, including warnings, periodic audits and fines.
It is hoped that the GDPR will ultimately result in a greater protection of citizens’ rights and cost savings for businesses.
Are the new rules a step in the right direction for businesses?
Make no mistake: personal data should always be protected from misuse, and strict sanctions will ensure that the regulations are adhered to.
In light of the EU Referendum result, the true impact of GDPR on a UK company’s day-to-day operations may not yet be fully understood. UK businesses intending to trade with the EU post May 2018 ought simply to be aware now of the upcoming implementation of GDPR, in order to avoid putting themselves under significant pressure to make the necessary changes by May 2018.