On 25th May 2018, new EU-wide data protection laws will be introduced which affect all businesses. The UK Government has announced that, regardless of Brexit, this legislation will be implemented as planned and will be the basis of a new Data Protection Bill to be introduced after March 2019.
The General Data Protection Regulation (GDPR) aims to create more consistent protection of personal and consumer data across EU countries. Some of the key privacy and data protection requirements of GDPR include:
- Requiring the consent of subjects for data processing
- Anonymizing collected data to protect privacy
- Providing data breach notifications
- Safely handling the transfer of data across borders
- Requiring certain companies to appoint a data protection officer to oversee GDPR compliance
Compliance with the new GDPR regime is essential, and both the “controller” and the “processor” (see below) will be jointly accountable for compliance. Failure to look after data correctly could result in a fine of up to 4% of global turnover or €20m, whichever is higher.
Our role in helping our clients comply
As a first step it’s worth setting out how the legislation defines the respective roles.
- Our clients are Controllers: the person/authority/agency/body which determines the purposes and means of processing personal data.
- As a service provider EC Group is the Processor: the body which processes personal data on behalf of the controller.
- Both “controller” and “processor” will be jointly accountable for compliance.
We have set out our understanding of the key steps our clients need to take as Controllers – and as the owners of the data we process on their behalf – in a handy three-page guide which we are sharing with our clients. This is based on the ICO’s “12 steps to take now” guide. Please contact your account manager for further details if you have not received a copy.
Business benefits of GDPR
Despite the obvious costs of compliance, the process can also help to reduce costs: e.g. the cost of holding unnecessary data, and the cost of data back-up procedures and IT systems recovery plans. Now is a good time to review all relevant policies and procedures to realise these benefits.
We are committed to helping all our clients comply with the new regulations, and we look forward to progressing this in due course.