According to the Secretary of State for Culture, Media and Sport (CMS), the new General Data Protection Regulations (GDPR) will be adopted in the UK when they come into force in May 2018, despite Brexit.
Speaking to the CMS committee, Karen Bradley MP recently removed any speculation on the subject. She confirmed that since the UK will still be a part of the EU at the time of implementation, it will be adopting the new Regulations. No certainty was given regarding how the UK would react following its departure from the EU, should that occur, though it is anticipated that any variation would still place similarly stringent rules upon companies that hold personal data about their customers and employees.
£2 Billion Fine for Tesco Bank?
Whilst some business owners might still feel blasé towards GDPR, they do so with a not insignificant degree of risk! Take Tesco Bank, for example, which recently refunded £2.5 million to its customers following an attack. Had GDPR been in effect now, it would have faced a fine of almost £2 Billion, based on its parent company’s reported turnover of almost £50 Billion.
Capgemini and Michael Page Also in the Spotlight
It has also emerged that details regarding almost 800,000 job applicants were exposed without their consent recently. Whilst there was seemingly no malicious intent behind the breach, it was, nevertheless, a breach.
Whilst it is unclear at this stage where the blame lies – Capgemini is an outsource agency and they operated the compromised development server which held details of Michael Page’s customers – under the forthcoming GDPR rules, both would be held responsible and potentially subject to a fine.
All Businesses Take Note
GDPR will affect ALL businesses in some ways and SOME businesses in all ways. Furthermore, the ICO has stated in no uncertain terms that with a 2-year time scale to prepare, it will not entertain any excuse for breaches when the time comes. As such, all businesses MUST ensure they understand NOW what the new rules are and what their obligations will be when they come into force.
With some businesses claiming they will require upwards of 12 months to become “GDPR ready”, we recommend you undertake a full review of your existing practices without delay, get fully geared up on GDPR and start making the changes necessary. We have written a blog to help get you going – links to other useful pieces of information are contained within.
Businesses can benefit from this blog by making sure they understand their responsibilities under the new GDPR
Marketing Agencies can benefit from this blog by advising their own clients of their responsibilities under the new GDPR
Colleges can benefit from this blog by understanding how their practices need to be amended in order to comply with the new GDPR