The issue of data protection is one that no business can afford to ignore and upcoming changes in the law are going to make this even more critical. Last week the Government announced new plans to allow individuals to gain more control over what happens to their personal information, which will transform the way businesses need to operate in this area.
The new bill has been put forward by Digital Minister Matt Hancock and transfers the European General Data Protection Regulation (GDPR) into UK law.
The proposals in the bill include:
The implications of failing foul of data protection laws can be very serious indeed, with GDPR bringing a maximum fine of £17m or 4% of global turnover for a serious data breach and fines of up to £500,000 for breaking data protection laws.
These proposals remain just that so far, but businesses do need to be prepared for the coming of GDPR on 25th May 2018. The UK’s eventual departure from the EU is no excuse for not being compliant with the regulations, particularly with the proposals mentioned above making it clear that data protection in the UK will likely run mostly parallel with legislation in the EU, even after Brexit.
So if your business has not yet started making plans for getting your data in line ready for next May, you need to make a start on it sooner rather than later. The key points in GDPR are as follows:
How Can You Prepare For The New Data Protection Rules?
One key step you can take to get your business ready for GDPR and the UK legislation that will follow it is to gain the Cyber Essentials scheme. Backed by the UK Government and developed in consultation with industry, Cyber Essentials is aimed at improving cyber security within public supply chains and ensuring that businesses do not fall foul of potentially costly data protection breaches.
It’s a requirement for suppliers involved in handling personal data through the provision of certain technical products and services and is good practice for any business because of the basic information security hygiene measures it teaches.
There are two levels of assessment and certification, Cyber Essentials and Cyber Essentials Plus to suit your requirements. You can find out more about Cyber Essentials and how Centre For Assessment can help you prepare for the coming changes in data protection requirements here.