“How did it get so late so soon?” Dr Seuss
It is now less than 1 year before the new European General Data Protection Regulation (GDPR) comes into effect. This new legislation is the biggest change to data protection in many, many years. The current regulation was created before so much of our lives and personal information was online and used for other purposes.
GDPR has been created to update data protection practices to be more in line with the way the world operates today. It requires a fundamental shift in the way personal data is handled. This will be a big change for many companies, especially in the SME space, where personal data exists but is not a primary element of the business. GDPR will require changes to policies and procedures, documentation, IT configurations and possibly legal agreements you have with customers and suppliers. Simply put, it touches a number of different areas of your business. For that reason, it is not something that can be addressed in a few days. Every company in the world who does business in Europe is going to be affected by this.
With such a big change, coming it would be easy to think that the ICO will be busy with enforcement on large companies. However, there are suspicions that the ICO will easily be able to identify companies who have not addressed GDPR. Once the new regulation kicks in on May 2018, you must be able to demonstrate that you take data protection seriously and this can involve things as basic as public facing transparency statements and opt – in features on your website. It is no longer a case of facing fines from the ICO just because of a data breach.
The ICO is selling GDPR as a business benefit to offset the fact that this is going to be a BIG deal for SMEs. Most small to medium size businesses are not set up to effectively deal with data protection in the first place. Currently, an issue only comes to light when there is a problem (reactive). From May 2018, its more about proving compliance (being proactive).
Numerous changes will need to be made to your organisation and procedures. Don’t underestimate it! We encourage you to start the journey sooner rather than later.