Maybe not the sexiest topic around, but data protection is an important part of any business’s obligations, not just to its workforce but to its customers, suppliers and website users. In May, the new General Data Protection Regulations will come into force, replacing the current Data Protection Act 1998 and bringing enhanced security for the data of individuals and much stiffer penalties for companies that breach the rules on data protection.
The new law, a European initiative, was needed because in these days of online commerce and social media, our personal data is at far greater risk than it was twenty years ago. We shop, bank, apply for jobs, order prescriptions and basically live our lives online, and we deal with organisations globally rather than locally. The new laws will establish a common set of data protection rules across the EU (which the UK will still enforce after Brexit) rather than each country having its own laws, making it easier for individuals to enforce their rights if their personal data has been compromised.
What this means for businesses and any organisation which processes personal data is more onerous obligations and very steep fines for getting it wrong. Employers will need to replace their existing Data Protection policies with ones which are compliant with the new legislation, and ensure directors and management know what their obligations are under the new law. There is still time before May to put any new policies into place if you haven’t done so, but don’t delay!