The management and safeguarding of personal information for businesses operating in the UK and Europe is changing, with the introduction of the new General Data Protection Regulation (GDPR) – the largest shift in corporate data management legislation to take place in a generation.
Understanding how your data represents a significant resource and a potential risk to your company’s continued operations is therefore essential. Organisations will need to adapt to a far tighter regulatory landscape when it comes to the management of data in future, and GDPR is a necessary evolution of data protection at a time when the risks to both businesses and consumers are greater than ever before.
What is GDPR?
Introduced across all member states of the European Union (EU), GDPR is a framework of data protection laws that spell out the manner in which organisations must inform individuals about the collection, use and storage of data, as well as the need to secure informed consent for these actions.
Coming into effect from May 25th 2018, GDPR is applicable to businesses in every industry and sector that have access to personal or sensitive information. This relates not only to a company’s clients, but also to those targeted through advertising or other data collection strategies, as well as employees.
In essence, GDPR is the new legal benchmark for the management of personal data that all businesses must adhere to. It is being administered in the UK by the Information Commissioner’s Office (ICO), and the body will have the authority to carry out criminal investigations into any organisation it believes to be failing to maintain its responsibilities in this area.
What does GDPR mean for businesses?
Ultimately, GDPR is designed to enhance transparency and provide new safeguards for individuals in how their information is managed by companies. To facilitate this process, a number of new rights have been introduced for individuals, including:
In addition, the issue of consent is one that organisations must address, as under GDPR companies may only make use of data that is provided with an individual’s “freely given, specific, informed and unambiguous” consent.
As a result, businesses must now seek approval for the use of all data. In cases where new contacts are being forged and new information is being collected, informed consent should also be requested and provided before this data can be used.
What are the consequences for breaches of GDPR?
In the past, companies could expect to face a limited fine for issues of data loss or the mismanagement of personal information, but under GDPR these sanctions are being considerably increased.
Organisations that fail to maintain their responsibilities in terms of effective and transparent data management following the introduction of GDPR will face fines of up to €20 million or four per cent of their global turnover, whichever is greater.
How is Experience Invest safeguarding your data?
At Experience Invest, we remain committed to ensuring the safe and responsible handling of all personal information. As a result, we offer an assurance that we will always seek permission before utilising any personal information that is provided to us.
We will ensure that:
You can find out more about the details of GDPR and its impact on businesses at the ICO’s official website, as well as by contacting our team.