On April 14, 2018, the EU finally approved the General Data Protection Regulation (GDPR), with the aim of strengthening and amalgamating data protection for all EU citizens. The new regulation replaces the Data Protection Directive from 1995. The enforcement date has been set for the 25th May 2018.
The European Union states the following: personal data is any information related to a natural person, or ‘Data Subject’, that can be used to directly or indirectly identify the person. This can be anything from a photo of the subject, a phone number or an IP address they have been using to their genetic makeup.
The GDPR has created new rules that aim to protect personal data for EU citizens, by ensuring that data is protected and by regulating the export of this data to countries outside of the EU. All companies within the EU will be affected by the GDPR unless they hold absolutely no records of customers, debtors and suppliers, so it covers basically every business.
In layman's terms, all businesses that keep records of personal data need to show that they were given consent to keep it, and be able to demonstrate that this information is properly protected, what it is intended to be used for and where it will end up. If your website obtains this information, then you may need to act.
Companies need to be able to show compliance by May 25th 2018. Companies that breach the GDPR can be fined 4% of their annual turnover or twenty million Euros (whichever is greater).
For more information regarding GDPR subject rights and a summary of the changes, visit the EU website using the following URL: https://www.eugdpr.org/key-changes.html
All companies that collect data on citizens within the European Union need to comply with the GDPR. But how will this affect your website? Below is a list of just a few of the changes you will need to make.
This really depends on how your business operates and what the UK government intends to do post-Brexit. If your business only operates in the UK, then I guess the new regulations will have little relevance to your business (unless the UK adopts the regulations, which they have indicated they intend to do, replacing the Data Protection Act 1998). If your business deals with the EU, then regardless of what happens post-Brexit, you will need to comply with the GDPR, and this includes your website.
If you are still unsure how this will affect your business, there is an FAQ section on the European Union website that might answer your question: https://www.eugdpr.org/gdpr-faqs.html
If you would like more information on how this will directly affect your website, please contact Michael on 020 8948 5808 for an informal chat.