Any business looking to set up a subsidiary in the UK, or anywhere in the EU, will have to have at least a basic understanding of the General Data Protection Regulation (or GDPR). The Regulation is the biggest shake-up of individual rights to their personal data of the Internet age and will have a major impact on how data is stored and shared within and without the EU.
What has changed?
From May 25 2018, the regulations change to unite all local privacy laws across the EU – changing the definition of what constitutes personal information to include names, photos, email addresses, and even a computer’s IP address. This applies across a person’s whole life, there is no distinction between a personal email and a work email, for example.
The new rules also introduce new rights for consumers, including the right to be forgotten, the right to know what data is held, the right to object to receiving marketing and the right to have information about them corrected. This means that explicit consent must be received from the consumer for each use of their data before it happens, meaning separate consents are needed for different activities.
What does it mean for my business?
It is vital that businesses comply with the new regulations, with tough penalties in place for non-compliance, up to a 4% fine of global revenue. This applies even to non-EU companies who hold the data of EU citizens, or EU companies who process data outside the Union. While it is a good idea to appoint someone to oversee the transition to the GDPR rules and ensure compliance, it is more than just an IT issue. Sales and Marketing are two of the areas most directly affected.
The most important measures to take are to ensure that you have procedures for properly obtaining the right consents from customers, a policy on what data is kept, where and why, storing the data securely, ensuring that old data is deleted and ensuring there is a procedure for deleting or amending data when requested.
While most of these needs are just good housekeeping anyway, they will soon be enforceable by law. It is very important that all businesses not only understand what GDPR means, but that they also have a plan to transition. Our team of legal experts can help you with guidance and answer any questions you may have about GDPR and how it can affect your business. Get in touch with us today!