
With less than half of businesses preparing for new EU data protection laws, which come into force in May 2018, businesses are reminded that the new legislation will still apply despite the preparations for Brexit.

A study by Veritas in December 2016 found that less than half of businesses had begun the process of making themselves compliant with the upcoming General Data Protection Regulation (GDPR).

With a year to go before the deadline, data protection specialist Joanne Bone says businesses that had put their compliance on hold while waiting for the outcome of the EU referendum must take action or face hefty fines.

“In a survey last year our clients ranked data protection and GDPR compliance as top of their list of concerns ahead of Brexit, yet a worryingly small number of firms seem to be preparing to comply.”

Businesses that think Brexit will mean the new rules don’t apply to them are mistaken, as the Government has already indicated it will stick to the reforms after Britain leaves the EU. It is hard to think of a business today that does not use personal data. Whether you have employee data, customer data or supplier data – if the data relates to an individual you will be caught by the new data protection laws. Even data relating to sole traders and partnerships will be caught.

The GDPR requires businesses to carry out a root and branch review of how they collect and use personal data. Failure to comply can lead to fines of up to €20m or 4% of global turnover - whichever is the greater. Doing nothing is not an option and the sooner you start the better. May 2018 may sound a long way off but the scale of the reforms means that you need to deal with the issues sooner rather than later.

That said, taking a proactive approach to preparing for GDPR compliance will potentially reap benefits. Good data governance can build customer trust. The right permissions can also help you take advantage of Big Data and enable you to commercialise your data. Some of the key changes to be introduced by the GDPR include:

  • Compulsory notification of data breaches
  • Obligations to be more transparent in how you use personal data
  • Increased rights given to individuals to access the data you hold on them
  • The right to be forgotten.

You need to get your data fit for purpose. Doing nothing is not an option. You need to understand what data you have, how it has been collected and what you do with it. You then need to identify where you have compliance gaps.

Our experienced team of advisors can help you carry out this data “health check”, work with you to identify the gaps and come up with a tailor-made solution for your business to ensure that it is in the best shape possible to be GDPR compliant come the 25 May 2018 deadline.

GDPR is a marathon, not a sprint

You can find out more about GDPR and the fines that may be incurred if your business is not compliant at irwinmitchell.com/gdpr-2018

Published: 16 May 2017

Focus on Manufacturing - Edition 5


Key Contact

Joanne Bone