The implementation date for the EU Data Protection Regulation (GDPR) is 25 May. Despite Brexit, UK businesses will need to comply.
In order to maintain business links with EU countries, the UK will need to create EU equivalent rules and regulations. GDPR is an example of this and must be complied with if businesses want to trade with the EU. The GDPR regulations are more favourable to consumers than businesses.
As personal information becomes more regularly shared and businesses now hold huge volumes of customer data, there is a need for management and control over what businesses can do with that information.
GDPR gives regulators the ability to apply large fines of up to 20m Euro or 4% of global annual turnover – whichever is higher, for non-compliance. As such, businesses need to take these new regulations seriously and will need to implement changes to the way they operate, depending on the type of personal data that they hold. This will include customer records, databases, CRM systems, etc.
In addition, firms will need to ensure that they have appropriate policies and procedures in place with regard to any personal data that they hold or process.
It’s also worth reviewing supplier contracts to ensure that these contracts are GDPR compliant. Finally, your recruitment and HR policies and procedures should be reviewed to ensure that personal data is managed in a way that is compliant with GDPR.
There isn’t a lot of time left before GDPR comes into force. For businesses that haven’t yet prepared for GDPR, the best approach is probably to consider hiring an external consultant to advise the firm on getting up to date as quickly as possible.