A large volume of personal data (or personally identifiable information) is exchanged throughout the world. Personal data is an extremely valuable resource to companies but data protection and privacy laws across the world are gradually regulating its collection and use.
The EU’s new General Data Protection Regulation (GDPR) automatically takes effect in all EU member states today, 25th May. These tough new laws bring substantial new compliance requirements and potentially large fines of up to 20 million euros or 4% of a company’s turnover. The GDPR promises to bolster consumer rights, but it also affects how all businesses handle the data belonging to their employees, workers, consultants and contractors.
Big fines could be imposed on companies that persistently, or even deliberately, ignore these new regulations. If you are a small business, do not panic. The Information Commissioner said today that small businesses that do not routinely make use of customer data will not be the ICO’s main point of focus; they will be looking at the bigger companies. Facebook and Cambridge Analytica have, of course, made the headlines for all the wrong reasons.
All businesses, however, need to be concerned with GDPR compliance. It is unlikely that there will be any breathing room for businesses, as these new rules come into effect today. Businesses also need to think about where they store their data: if it is on a server in the USA, checks will need to be made that the US company complies with the EU-US Privacy Shield.
All companies will need to evaluate their processes for handling employee and client personal data. If you require further information on the GDPR, what action you should be taking and how we can support you, please get in touch.
Another great post on GDPR: http://aerisemploymentlaw.co.uk/gdpr-and-the-issue-of-consent/