GDPR and The C Word
Compliance.
Many businesses in the UK market to, re-market to, deal with, sell on, store, access and re-access people’s personal data — on a daily basis.
The General Data Protection Regulation (GDPR) affects all these types of data use.
Data protection regulations currently cover everything to do with holding customer data. From email lists to that whole bunch of customer_id rows optimised by buying behaviour sitting in your MySQL — if you store and access customer data, whether your customers have opted in or not, the GDPR is about to push your compliance exercises to Olympic level.
The General Data Protection Regulation applies from 25th May 2018 to all 25 European Member States. Brexit or not, it’s believed that businesses in the UK are likely to be impacted by GDPR, at least in the short term. Those with bases in Europe, with European customers and with dealings in the rest of the EU will also be directly affected. Without compliance, sanctions, which are universally applicable, promise fines of 4% of annual worldwide turnover or €20 million.
Wut? What is GDPR?
GDPR is arguably the most impactful, relevant and all-round thunderbolt of a change made to European privacy law in the last couple of decades.
Back in 2012, the European Commission proposed the legislation after years of discussion around personal data flows. Currently, personal and personalised data flows quite freely across borders, largely in commercial contexts, while most individuals remain unaware of just how far their personal information can reach and how much it gets sold for. When it comes to withdrawing consent over how their personal information is used, they are largely put through obscure and varying processes, depending on who and where they ask.
The GDPR is kind of…already applicable?
Some law firms have suggested that, even though it is not yet ‘active’ (at the time of writing), this legislation has already been consistently influencing decisions by the Court of Justice of the EU. In addition, this year saw the first guidelines for data protection officers and the new right to data portability brought in.
Re-examining compliance
…is starting now. Many businesses are already in the process of re-establishing their data protection, their organisational structures relating to who manages data, storage, consent and cybersecurity and, of course, their policies, in order to ensure compliance.
You can find more information about the GDPR on the Information Commissioner’s Office website: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
*Please remember that the information presented on this blog should not be construed as legal or any other professional advice or service. I cannot verify information on third-party sites. Always consult a solicitor, barrister or professional advisor familiar with your particular factual situation for advice concerning any legal or related matters before making any decisions.