In May 2018 an overhaul of EU Data Protection Regulations is to come into law in the UK, with companies across the board being advised to have new processes in place that help them to cope with the changes. Being able to show that you are fully compliant with the new EU General Data Protection Regulation well in advance will stand companies in good stead moving forward.
With the Brexit vote taking place this time last year and the leave vote winning out, many business owners may have thought that the new data protection regulations put in place by the EU would no longer be relevant in the UK. Because of the Brexit negotiation period and the years it will take before the UK is officially able to leave the Union, we will still be a part of the EU when these new data laws come into being. Another caveat of the changes in regulations is that any company that is based outside of the EU but plans to target customers that live within the EU will have to comply with these data privacy regulations anyway. Let’s take a look at what business owners in the UK need to know about 2018 and the changes in data law that are about to take place.
What You Need to Know as a Business Owner about GDPR
If you are worried about the General Data Protection Regulation that is to come into place in 2018, here are a few key issues to be aware of as a UK business owner.
Show Compliance and Accountability – Any company that is challenged over the new GDPR will have to demonstrate clearly that it has been compliant. This means that certain documents have to be maintained and that effective privacy impact assessments have to be carried out throughout the company to assess the impact of the new regulations.
Personal Consent – Data relating to employees and customers can only be collected if explicit consent has been given by the individual in question. Previous consent for any data that is already being held is not enough to count. Individual rights will be enhanced, with a greater say in objecting to the processing of information.
Have Data Protection Officers – In some circumstances there will be a requirement for companies to have data protection officers in place. It is the responsibility of the business owner to understand whether they are required to have a data protection officer (DPO) in place and who that person should be from the existing staff members.
Detailed Privacy Policies – You will have to update all privacy policies to be clear about the changes in regulation and what they mean for the enhancement of individuals’ rights.
It is important that business owners update their consent and data policies to be more robust, as well as having stronger procedures and policies in place so that they are fully prepared for the changes in EU data regulations in May 2018.