Skip to content

Get ready for new data protection laws to avoid penalties

Experts have warned businesses across the KBB industry to get ready for data protection changes or face significant fines.

Major revisions to European data protection rules are due to come into force on May 25, 2018, which will strictly govern how businesses manage and process data. Companies are being urged to take another look at their data management systems to avoid costly penalties.

The General Data Protection Regulation (GDPR) will update and expand current data protection rules covering individual personal data, under the EU directive of 1995. Since then, data exchanges between businesses and customers have changed as a result of the internet, e-mails, smartphones, social media and tablet devices.

The situation will be monitored by the Information Commissioner’s Office (ICO) and any businesses found not to have complied with the new regulations face hefty fines of up to €20 million (£17.6m) or up to 4% of annual turnover – whichever is highest.

Rod Moore, chairman of A&O IT Group, explained why the implications of the new GDPR are massive for all organisations.

“While some small business owners wrongly assume the new laws won’t apply to them, what’s even more worrying is how many remain totally unaware of the new regulations and how they will impact their day-to-day business.

“All business owners need to wake up to the fact that the new GDPR directive is a complete legal overhaul that will affect anyone who deals with personal data, whether they’re a one-man band or have multiple offices. If you hold personally identifiable information (PII) data on staff, contractors or customers, you are legally obliged to ensure that its use is limited to activity expressly approved by the subject.”

Fiona Boswell (pictured), head of commercial services at Fraser Brown solicitors, added: “Under the General Data Protection Regulation (GDPR), KBB retailers will have to pay extra attention to the way they handle personal information and permit third-party data suppliers or processors to handle personal data on their behalf.

“With all of these changes imminent, I urge businesses to act now to start the compliance process as it involves a rigorous investigation of current practices that will need to be brought into line with the new laws before they start to bite in May 2018.”

  • For more information on how you can prepare for GDPR visit ico.org.uk

You may also find interesting