Data protection is serious business, and looks set to become more so as the tools available to data thieves grow ever more sophisticated. In order to raise general standards of data security, and allow consumers to browse online in relative safety, the EU has passed new legislation with a view to improving data protection for all EU citizens. This legislation is the General Data Protection Regulation (GDPR), which replaces the Data Protection Directive of 1995. A great deal can change in two days in this world, never mind two decades, so these changes are long overdue.
Unlike EU directives, which each member state must transpose into its own law, EU regulations apply directly without any national legislation needing to be passed. The GDPR was adopted on 27th April 2016 and becomes enforceable from 25th May 2018. This two-year transition period gives firms a chance to get up to speed before the changes kick in.
Of course, for UK-based firms there's the complicating factor of Brexit to consider. Why should UK firms bother with GDPR if we're leaving? Firstly, the regulation comes into force well before the much-anticipated exit in March 2019. Secondly, it's overwhelmingly likely that equivalent provisions will be written into UK law before that happens, and any firm handling the personal data of EU residents will remain within the regulation's scope regardless.
So what does all of this mean for your website? Let’s take a look at some of the more crucial hurdles.
If key decision-makers in your business aren't aware of the upcoming changes, they'll be unable to take the appropriate action, and your website as a whole may fall foul of the new law. To avoid this, provide an organisation-wide briefing and training for all staff.
In some cases you'll need to change your organisational structure so that dedicated staff (Data Protection Officers) can ensure you're complying with data protection law. Appointing a DPO is mandatory for some organisations, for example public authorities and those whose core activities involve large-scale monitoring of individuals, and optional for others. This would include any necessary training for new recruits. To see whether this applies to your business, perform a risk assessment before the crucial date.
You'll want to keep a record of the personal data you're holding, along with where it came from, why you're processing it, and who it's being sent to. That way you'll be able to correct any mistakes when they occur, and respond to individuals who ask what data you hold about them.
Supervisory authorities can issue warnings and reprimands for minor breaches, but GDPR-noncompliant firms could find themselves contending with fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher. To avoid this, it's worth taking a serious look at your organisation's data-protection capability now and taking any corrective action.
Published: 18 July 2017
Mat is the founder here at Actuate. His role focuses on strategy, culture, looking after our clients and every now and then getting stuck in with coding.