Although the deadline for GDPR has now passed, for many businesses the real work starts today in relation to ensuring they are fully compliant - says a data protection expert at law firm Irwin Mitchell.
The GDPR came into force from 25 May 2018 and is applicable to all businesses that use personal data. Non-compliance can lead to potential fines of up to €20 million or 4% of annual worldwide turnover, whichever is bigger.
According to Joanne Bone, commercial lawyer and data protection expert at national law firm, Irwin Mitchell, businesses must continue to evolve their approach to the landmark regulation.
Expert Opinion“Our survey into GDPR 12 months ago highlighted a significant lack of awareness about the new rules. I’m pleased to say this has changed and many businesses have been working flat out to ensure that they are compliant in time for the May deadline.
“I’m also pleased to say that a lot of organisations have approached the new rules with a great deal of positivity; seeing GDPR as an opportunity for how they interact and engage with their customers.
“It’s important thing to remember is that the so-called ‘G-day’ is just the start of the process.
“Businesses need to embed their data processing controls into their everyday processes and with the ICO saying it will issue new guidance in the future, it is vital that businesses keep up to speed with what the Regulator is telling them.
“For those businesses that don’t think that they are compliant or are concerned about it, it is important that they do not panic. Doing nothing is not an option and it is vital that businesses roadmap exactly what he going to do and by when.
“It’s also no excuse to think that it’s an EU rule and that Brexit will soon mean it doesn’t matter. The UK is committed to these rules and businesses can’t bury their heads in the sand.”
Joanne Bone - Partner