On 25th May 2018, the General Data Protection Regulation will replace the Data Protection Act 1998. If you handle any form of personal data, this will affect your business. It is therefore essential that you prepare effectively.
5 things you need to know
- The General Data Protection Regulation (GDPR) is replacing the Data Protection Act 1998 from 25th May 2018
- GDPR will harmonise data protection laws across the EU and UK. The new regulations take into account the ever-changing landscape of technology and offer a global approach to data protection.
- The Regulation will apply to any company processing the personal data of individuals in the EU in relation to offering goods and services, or to monitoring their behaviour.
- Significant penalties can be imposed on employers who breach the GDPR, including fines of up to €20 million or 4% of the business's annual turnover, whichever is greater.
- The level of fine will depend upon the type of breach and any mitigating factors, but the fines are designed to strongly penalise any employers who show a disregard for the GDPR.
How is GDPR different to the current Data Protection laws?
Under the Data Protection Act 1998, employers are required to provide employees and job applicants with a privacy notice, setting out certain information. Under the terms of the GDPR,
- Employers might now need to provide more detailed information, such as how long personal data will be stored for
- Should data potentially be transferred to different countries, employees will need to be informed
- Subject access requests (SARs), where individuals request their personal data, are changing. It will be free to make a request, and the information should be made available electronically
- All employees will have the right to have their personal data deleted or rectified in specific circumstances
The GDPR will also impose a mandatory breach reporting requirement. This means employers will have to notify and provide key information to the data protection authority within 72 hours of any breach.