The EU Data Protection directive, soon to be enforced, is intended to bring data protection legislation into the digital era. Because the existing British Data-Protection Act 1995 was built predominantly around paper-based documentation and data, it does not address electronic and digital data processing, storage, transfer and capture. The new data protection legislation will encourage a culture of monitoring, reviewing and assessing how physical and electronic data is processed and retained.
Although it seems likely that the Data Protection Regulation (DPR) won’t come into force until late 2017 at the earliest, the text is expected to be agreed by all parties by the end of this year.
You can prepare in advance for the impact of the “General Data Protection Regulations”.
Know Your Data.
- Appoint a Data Protection officer.
- Research how the GDPR applies to your business.
- What data are you collecting on individuals?
- Where does it come from?
- What are you using it for?
- Where and how are you storing it?
- Who is responsible for it and who has access to it?
- Are you passing it on to any third parties?
- Make policies and embark on change.
The EU Data-Protection directive includes changes to breach enforcement, with organisations being held more accountable and responsible than ever before. Currently the ICO are able to enforce monetary fines for data breaches up to the value of half a million pounds sterling. Under the new legislation, penalties are going to rise as high as one hundred million euros or 5% of the organisation's global profit, whichever is higher. As well as the monetary enforcement of DP breaches, organisations will be required to formalise breach notifications, including notifying their end users/clients (who the data is about) and informing shareholders, partners and members within the organisation.
Publicly admitting fault for a data breach, with or without a monetary fine, could critically damage an organisation's reputation. Business owners and directors must therefore ensure that they are taking responsibility and proactively encouraging a digital-era data protection policy.
DataSpace are more than happy to provide consultation about General Data Protection Regulations. For more information, please call us on 0800 331115 or email firstname.lastname@example.org