Recently, our panel of advisers highlighted how EU data protection and privacy laws are changing. Here, Martin Hoskins, an associate director in our Business Risk Services team, reviews the EU General Data Protection Regulation (GDPR), which applies from 25 May 2018 and will have serious consequences for those who violate the new rules.
The GDPR will apply directly in all EU member states and will mean that organisations have to provide far more information than they do currently. They will need to tell both employees and customers how their personal data is being used and protected, and what rights they have over it, such as:
In addition, personal data breaches that are likely to result in a risk to individuals will have to be notified to the relevant supervisory authority within 72 hours of the organisation becoming aware of them.
Senior management teams will need formal assurance that their data protection processes and procedures are fit for purpose. If they are not and a serious violation of the GDPR occurs, the penalty can be up to €20 million or 4% of the organisation's global annual turnover, whichever is higher (current fines are capped well below this).
We advise taking professional advice to help ensure compliance, for example by putting the following actions in place:
For more information on our services and how you can prepare for the GDPR, contact our Business Risk Services team.