The EU Data Protection Regulation (GDPR) came into force on 25 May. Despite Brexit, UK businesses will need to comply.
In order to maintain business links with EU countries, the UK will need to create EU-equivalent rules and regulations. GDPR is an example of this and must be complied with.
As personal information becomes more regularly shared and businesses now hold huge volumes of customer data, there is a need for management and control over what businesses can do with that information.
GDPR gives regulators the ability to apply large fines for non-compliance of up to 20 million euros or 4% of global annual turnover, whichever is higher. As such, businesses need to take these new regulations seriously and implement changes to the way they operate, depending on the type of personal data that they hold. This includes customer records, databases, CRM systems, etc.
In addition, firms need to ensure that they have appropriate policies and procedures in place with regard to any personal data that they hold or process.
It’s also worth reviewing supplier contracts to ensure that these contracts are GDPR compliant. Finally, your recruitment and HR policies and procedures should be reviewed to ensure that personal data is managed in a way that is compliant with GDPR.
For businesses that haven’t yet prepared for GDPR, the best approach is probably to consider hiring an external consultant to advise the firm on getting up to date as quickly as possible. Contact us on: 0800 024 6270 or http://www.gdprhealthcheck.com/ for all the GDPR help and advice you will need.