New EU Data Protection Laws Will Affect UK Despite Brexit
The General Data Protection Regulation is being phased in over the next two years, with businesses set to feel its full force from 25th May 2018.
Despite the nature of the EU Referendum results, UK businesses won’t be able to ignore significant data protection changes announced by the EU back in May.
The General Data Protection Regulation (GDPR) – which represents the most significant adjustment to EU data protection since 1995 – will affect any businesses with dealings within the EU, regardless of their head office location. There are likely to be further implications for UK data as a whole too.
The changes come at a time of vital importance, as more and more information continues to be used and stored through the web. The sheer number of high-profile hacking scandals in the past year has only moved the issue further into the spotlight.
As a result, the EU have taken these latest steps to counter the problem.
What Does the GDPR Mean?
Harsher fines and sanctions for data breaches are at the heart of the GDPR. Under the UK Data Protection Act, for example, the maximum fine was £500,000. For companies affected by the new rules, this will increase to €20m or 4% of global turnover.
Some of the key points to highlight include:
- A tighter notification window for security breaches.
- Increased sanctions for breaches. These include increases to €10m or 2% of global turnover for sanctions and increases to €20m or 4% of global turnover for serious breaches.
- Increased information requirements regarding privacy statements, the use of data for marketing purposes and data storage.
- Six new data subject rights, including the right to access or move data between companies and the deletion of data.
- Stricter consent rules.
- The possible inclusion of IP address and cookie data, depending on further guidance.
- The grouping of fines and sanctions into industry tiers.
- The likelihood of some additional leeway being given to SMEs deemed to pose less of a risk to the privacy of citizens. They will still feel punishment for breaches though.
Indirectly, there are other serious implications for your business if you fall foul of a data protection breach. At the head of these is the reputational damage that you’re all but guaranteed to suffer if you find your company in the mix of such a situation.
Marketing Week recently reported that as part of Aimia’s annual Loyalty Lens report, it was found that more than 20% of customers would delete their account if concerned by data protection issues.
Throw negative reaction from the press in with any initial loss of custom and you’re left staring into the abyss of a PR nightmare.
How Can I Prepare?
Moving forward, the GDPR means that companies must place even more importance on the protection and storage of consumer data. UK companies are being urged to familiarise themselves with GDPR, irrespective of Brexit, in order to be as prepared as possible when it becomes fully enforced.
Some of the primary ways you can prepare for the GDPR include:
- Raising awareness of the importance of data protection within your company.
- Creating an audit that is used for the creation of any marketing campaigns and documentation.
- Spending the next 2 years implementing good practices ahead of the full GDPR enforcement.
More than anything, the GDPR simply brings the importance of consumer data further into focus. If you go about things the right way – like we do here at Evoluted – then these latest rules shouldn’t be too much cause for concern.