The EU General Data Protection Regulations came into force in May 2016 and ALL businesses that hold personal identifiable information (PII) MUST comply by 25th May 2018. This represents a sea change in data protection and introduces a raft of new rules. If you hold any personal data (PII) for anyone who resides in the EU (including the UK) you will need to comply with this new set of rules. at the moment, Brexit doesn’t change any of these rules for UK Companies since the UK will be in the EU for a year after the rules come into effect.
The consequences can be devastating for your business.
•Right to compensation for each person affected by a breach of the rules. Just one breach could affect your entire customer base giving each of them a right to sue you for compensation. Their loss need only be minimal and the Courts have held distress as being compensatable. If you have not done all you can to mitigate your loss then it is unlikely any insurance policy you may hold for such a breach will cover claims against you.
•Loss of customers / reputation. Any breach is likely to result in a loss of confidence and trust meaning your customers are likely to take their business elsewhere.
The headline items for organisations that collect or process EU citizen records are:
• They must notify their supervisory authority of a data breach within 72 hours
• The subject will have the right to retract consent, request data erasure or portability
• They may face fines of up to 4% of their worldwide turnover, or €20 million for intentional or negligent violations.
What you should be doing NOW
There may well be technological and legal changes that need to revised or introduced within your business that will ensure that your business is GDPR compliant. That’s why we’ve teamed up With Slater Heelis LLP to bring you the legal advice needed in this complex area of law. Here at Eurotek UK, we have the technological expertise to advise which products are needed to help meet those technical requirements and can advise accordingly.