What do you need to know about GDPR?
A new EU General Data Protection Regulation (known as the GDPR) comes into effect in May next year. It will be of interest to, and affect, all firms that store or process data belonging to EU citizens. Even for small businesses in the UK, if you have any customers from Europe, you need to be familiar with this new legislation.
You can find the official website here. As they say: “The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years – we’re here to make sure you’re prepared.” And according to the countdown on the website you have 234 days to bone up – starting today.
You can take a look at the none-too-approachable digest of the bulk of the changes on the official website. But key changes include a greater territorial scope, new penalties for non-compliance that can total 4% of annual global turnover or €20 million (whichever is the greater) and new rules on consent for the consumers whose data you store.
It seems that if you already practise decent standards, and are thorough and careful, these new regulations are unlikely to change much in your daily routines. Indeed, if you operate purely through marketplaces then the marketplaces will help you comply pretty much as a matter of course. Areas where you need to be particularly careful are email addresses and personal contact details.
Another question concerns Brexit. How will any future deal on the UK leaving the EU impact the GDPR? In any case, you’ll need to comply with the rules for the better part of a year as a bare minimum. And, as it seems likely that there will now be a longer transition period after the two years stipulated by Article 50 (perhaps as long as two or three years), these new rules will remain in place for that period too. It also seems likely, though, that a similar measure will continue to exist after Brexit.