April 24, 2017
Office Supplies reported that the GDPR is due to be implemented by the British government but that as the Brexit negotiations are taking place will British businesses submit to the new rules the first change to them in 20 years.
All data of EU citizens will be “governed by GDPR” whether their country is a member or not and the article goes on to say that this will “go beyond shredding documents” and that there will be a legal responsibility from “third party service providers of data storage and cloud services” for the processes of data security.
Businesses are advised by the Chartered Institute of Personnel and Development about becoming GDPR compliant and have provided a list of points for deliberation. Businesses are asked if they need to have a “data protection officer” and if they have “privacy impact assessments in place” that evaluate whether there is potential for breaches to take place.
They are also asked if they have any “systems in place to manage data breaches” and if they can fulfil a customer request “for the right to be forgotten” and lastly will a business be able to fulfil not retaining data for “longer than necessary”.
Any breach of these requirements has to be reported to the data protection authority within 72 hours and those who do not obey the rules could be fined up to €20 million ($21.72 million) or up to four percent of their global turnover.
According to the article one in four businesses have “cancelled GDPR preparations” mistakenly believing that Brexit will invalidate the new legislation and 44 percent are under the belief that the new rules will not apply to British businesses “post Brexit”.
John Culkin, Director of Information Management at Crown Records Management, said: “For so many businesses to be cancelling preparations is a big concern because this regulation is going to affect them all in one way or another. Firstly, it is likely to be in place before any Brexit. Secondly, although an independent Britain would no longer be a signatory it will still apply to all businesses which handle the personal information of European citizens.”
Categories : Around the Industry