Brexit will not halt the enforcement of the EU General Data Protection Regulation on 25 May 2018; organisations need to ensure they are ready for compliance now or face the prospect of hefty fines.
The GDPR (General Data Protection Regulation) seeks to create a data protection law framework across all organisations that manage, process and control data in their interaction with the European Union (EU) and aims to give control of personal data back to the individual. The reform imposes strict rules on those hosting and ‘processing’ this data, anywhere in the world. The regulation presents some challenges to the accepted ways of managing data and makes clear the responsibilities of both the controllers of any data (whether corporate or individual) and the processors of any data.
It is a requirement that users:
- Understand how companies use their data for sales and marketing purposes.
- Are aware of their rights with regard to personal data.
- Are informed of any issues in the control and management of their data (such as data breaches).
- Organisations are concerned about the heavy financial penalties the Regulation can impose. However, there is significant gain from those that embrace, adopt and consider how planning and early adoption of GDPR can bring market opportunity or advantage.