New data protection laws in 2018

On the 25th May 2018, the new data protection laws come into force. This means that businesses, as well as public bodies, across the UK are racing against time to prepare their internal data for the General Data Protection Regulation (GDPR).

Will Brexit affect GDPR?

Even though the UK has opted to leave the EU, the new GDPR rules will still apply under British law, as this was decided before the referendum.

Rasmus Theede, Managing Director at Think Tank Digital Nations, warns that:

“If you want to do business in Europe, you need to understand GDPR. At the end of the day, if you can’t demonstrate GDPR compliance, EU companies will probably say no to you.”

I’ve not started preparing for GDPR, what should I do?

If you’ve not started to prepare your business for GDPR, don’t panic. Follow these simple tips to get started:

  • Map out all website processes: To get an idea of which departments handle personal data on a regular basis, it’s important to map out all your website processes. Look into the transit, storage, retention and deletion of sensitive data, and tighten up any point in the process that might cause a data breach.
  • Perform a data audit: Any data that you have collated from EU citizens will need to be audited. This allows you to accurately decide which data you can keep, and what you need to get rid of.
  • Investigate your privacy policy: You need to request the consent of your visitors in a way that is clear and jargon-free. Make sure that you create a privacy policy that follows all the legal standards set by the new rules and is easy for non-legal personnel to understand.
  • Create a detailed response plan: If the sensitive data you handle is lost, exposed or falls into the wrong hands, the new rules state that you must inform the authorities within 72 hours. For this reason, it’s important to put together a detailed response plan, covering how you will notify the authorities should your data be compromised.

I’ve been accused of not following data protection laws properly, what should I do?

The courts take data protection very seriously, and if your business is suspected of not following procedure properly, you could be facing serious consequences. Contact a member of our expert legal team today for a free, confidential discussion about what to do next.