The British Chambers of Commerce (BCC) is urging businesses to prepare for the General Data Protection Regulation, which comes into force from 25 May 2018.
All businesses holding personal data will need to make sure their procedures are fit for purpose and compliant with the new rules.
Legislation will impact UK businesses post-Brexit, and if found non-compliant may result in potential fines of up to €20 million – or 4% of annual global turnover.
BCC has issued the following steps to its members:
- organise personal data the company holds, where it’s sourced from and who it is shared with
- review privacy notices and plan for changes before the new law comes into force
- review the process of seeking and obtaining records consent from individuals
- ensure procedures are in place to detect, report and investigate personal data breaches
- designate a Data Protection Officer (if needed) to take responsibility for data protection compliance.
David Riches, executive director at BCC, said:
“The General Data Protection Regulation is intended to reflect modern working practices in the digital age and will strengthen consumer trust and confidence in businesses.
“With 12 months to go, there are procedures businesses should be reviewing to determine what changes may need to be introduced to be compliant.
“Businesses that are already vigilant about their data protection responsibilities won’t be unduly burdened by the new legislation.”
Talk us about how these changes may affect your business.