General Data Protection Regulation will apply from May 2018 – discover the legal implications for your business.
Who Needs Data Protection?
We have had data protection regulations in the UK for many years, offering individuals the protection they need over their personal data. Personal data is any information about a person from which they could be identified, such as their name, address, date of birth, political or religious opinion, or even more sensitive information such as medical records or criminal records. The current data protection laws lay down rules about how data about people can be used. This includes information about living people stored on computers or in paper filing systems. These laws are soon to be upgraded to the new General Data Protection Regulation – a set of regulations laid down by the EU. It is essential that businesses understand these new regulations, as they will affect almost every business within the UK.
Data Security Breaches
As part of the new GDPR rules, it is the responsibility of the business or their data protection officer to report any data breaches to the relevant authority. A data breach is the deliberate or accidental release of secure (private or confidential) information to an untrusted party. This includes data leaks and spills as well as the accidental release of data.
A data breach can be highly serious, depending on the nature of the breach as well as the nature of the information released. Data breaches may involve financial information such as credit card or bank details, which can be incredibly stressful and potentially dangerous for those involved.
The difference between the GDPR data breach rules and the current regulations is that currently there is no obligation on businesses to notify the Information Commissioner’s Office (ICO) of personal data breaches, whereas under the new rules it will be essential to notify the ICO of any data breach within 72 hours. This will put a great strain on data protection officers unless they have had full training in the new regulations and their changing roles.
Failure to notify about a data breach could land you with a hefty fine – up to 20 million euros, or 4% of annual global turnover – whichever is larger.
Data breaches should be reported to the supervisory authority when they are likely to pose a risk to the rights and freedoms of individuals.
It is still considered a data breach even if no data is actually taken (such as with ransomware).
There is a 72 hour window in which breaches must be reported.
Get in touch
Find out more about our GDPR consultancy services, which we have designed specifically to support businesses with their obligations under the new rules. Contact us today to book a consultation or to discuss your business requirements.