As Brexit continues to feature heavily in both political and business discussions, a rather more imminent event has been obscured. What has been forgotten? It is the approach of the General Data Protection Regulation, or GDPR. April 2019 has been put forward as the date for the UK’s final departure from the European Union. The British government has no power to resist the implementation of GDPR, as it will become law on the 25th of May 2018, with almost a year of EU membership remaining. There was a long period during which clarity on the issue was wanting, with different opinions being voiced. Now, the UK has considered its legal commitments and duty and has assessed GDPR as a worthy regulation that should be enforced. Even if the regulation were to be replaced by a purely UK-wrought piece of legislation, GDPR has set the standard by which all future regulations will be guided.
From DPA to GDPR
Businesses and their customers throughout the UK will be familiar with the 1998 Data Protection Act, or DPA. Millions are used to answering security questions for ‘data protection’, and GDPR will soon take the DPA’s place. While many customers may notice little change, businesses will be presented with a great deal of work as they ramp up their procedures and prepare their staff. GDPR carries a considerable amount of weight in the form of the potential penalties it can dish out. Some breaches of the new regulation carry fines of up to 4% of global turnover per year, or up to a total of twenty million euros. Such fines demand respect, and if your business has not already done so, now is the time to prepare for GDPR.
There has been a considerable amount of guidance provided for businesses to facilitate and empower their preparations. While these tools are to be applauded, the actual adoption of the guidance still requires effort. On reviewing the issue, many firms are seeking professional assistance. Abilott are well-placed to assist both businesses and data-handling organisations to prepare for GDPR. Please contact us to discuss the possibilities, and we will be delighted to assist you.
The Next Two Steps
Nonetheless, we can recommend you consider the following points as you prepare yourself and your business for GDPR. Firstly, conduct an in-depth review of the requirements for data protection officers (DPOs), which will depend, in part, upon the size of your operations. It will be good to assess your potential need for a DPO now, as a severe staff shortage is forecast. The UK, along with the world in general, lacks an adequate number of experienced workers to fulfil the role of DPO as outlined by the new regulation. Act now to forestall difficulties later.
Secondly, start the discussion within your business, preparing those in your employ or under your management for what is coming. Awareness must be built without delay if your business is to reach the operational pace that GDPR demands. Help will no doubt be needed: Abilott is waiting to assist.