GDPR (General Data Protection Regulation) is coming, even when Brexit takes place, and it will include the right to be forgotten. But is your business ready?
On 25 May 2018 all businesses in the UK will be subject to the new GDPR legislation. This legislation replaces the old Data Protection Act and will heighten the responsibilities of data controllers and processors as well as the rights of individuals. GDPR will apply to all businesses controlling and processing the personal data of individuals residing in the EU, even if the business is based outside the EU.
Fines for data breaches and non-compliance will be based on a two-tiered system:
- Breaches by businesses of some provisions, those deemed to be most important for data protection, could lead to fines of up to €20 million or 4% of global annual turnover, whichever is greater.
- For other breaches, the authorities could impose fines on companies of up to €10 million or 2% of global annual turnover, again, whichever is greater.