The European Union General Data Protection Regulation is directly applicable to all member states of the EU and shall apply as national law from May 2018. It aims to strengthen citizens’ fundamental right to data protection and facilitate business by updating and harmonising international data processing laws in the digital single market.
Under the new General Data Protection Regulation, data protection errors will be all the more expensive, with non-compliance costing companies up to 4% of annual global revenue in fines. Additionally, the new standards for data protection will increase the reputational loss from cyber-security failings.
While many of the regulation’s core principles reflect those in the current Data Protection Act, the General Data Protection Regulation significantly modernises the legislative approach, and in doing so introduces new criteria for data protection. Businesses need to immediately begin reviewing how they process and store personal data and implement appropriate measures to protect it.
It is vital that businesses are up to speed on these upcoming changes. With Brexit negotiations ongoing, our firms need to be fully aware of the importance of being compliant with EU laws throughout the negotiation period, or they could be hit with a hefty fine.
Businesses will be faced with costs and additional administration as they review and improve their processes to ensure compliance with GDPR. We will be making clear to the Government that, post-Brexit, the UK digital charter announced in the Queen’s Speech must not add any unnecessary burdens or substantial changes to businesses as they adjust to any new framework.