GDPR: One Month To Compliance Deadline

Have you prepared for the new EU data protection law?

The European Union’s new rules on data protection come into force in one month’s time, on 25 May 2018. After this date, businesses will be liable for large fines if they fail to comply.

The rules, set out in the General Data Protection Regulation (GDPR), protect the key rights of individuals in relation to their personal data, including the right to access it and to know what is collected and for what purpose.

The GDPR also imposes new obligations and greater accountability on businesses and organisations who process this personal data. For example, under the law, businesses will have to report – within set timescales – any data breaches likely to ‘risk the rights and freedoms of individuals’.

The fines for violating data protection rules will also significantly increase, with potential penalties of up to 4 per cent of annual global turnover or 20 million euro, whichever is greater.

Is it too late to prepare?
The UK regulator, the Information Commissioner’s Office (ICO), has said there will be no ‘grace period’ for UK businesses, although they are likely to look less harshly on those that can show they are putting ‘appropriate systems and thinking’ in place. It is, therefore, in every business’ interest to conform to the new GDPR rules by 25 May 2018.

At the very least, you should aim to document your data, safeguard the rights of individuals, deal with subject access requests, update your privacy notices, obtain consent if necessary, lawfully process data – and be aware of what you need to do in case of a data breach.

nibusinessinfo’s key guidance can help you tackle compliance before time runs out. See how to prepare your business for the GDPR.