With spring just around the corner, changes loom on the horizon: on 25th May this year, Europe's data protection rules will undergo their biggest changes in two decades. Since the rules were created in the 90s, we have moved into a comparatively digital age. We are constantly creating, capturing and storing data, and the old regime is quite simply out of date.
The UK currently relies on the Data Protection Act 1998, but this will be superseded by the new legislation. Introducing tougher fines for non-compliance and breaches, it gives people more say over what companies can do with their data. The General Data Protection Regulation, often referred to as the GDPR, covers any information that is personal to an individual or can be used to determine their identity.
The legislation stipulates that businesses may be fined up to 4 percent of their global turnover or 20 million Euro, whichever is higher, for non-compliance, and 2 percent for not keeping records in order. The fines obviously depend on the nature and circumstances of the breach, but the Information Commissioner's Office is already listing organisations and businesses that are falling short of their data protection responsibilities.
Fines aside, it is worth remembering that in the highly digitalised age that we live in, the updated legislation is aimed at protecting our privacy and encouraging businesses to respect that. The impact commercially will be monumental, requiring structural and personnel compliance and adherence across the board.
TRAINEE LEGAL EXECUTIVE