With a year to go until the General Data Protection Regulation becomes law, the British Chambers of Commerce are urging businesses to start preparing to ensure they are compliant with the legislation when it comes into force.
From 25 May 2018, all businesses that hold personal data will have to guarantee their procedures are fit for purpose and compliant with the new regulation.
While the GDPR is an EU initiative, the UK Government has already made clear that the legislation will be part of British law post-Brexit.
Businesses that are found to be non-compliant risk potential fines of up to €20 million or 4% of annual worldwide turnover, considerably higher than fines under current data protection regulations.
David Riches, Executive Director at the British Chambers of Commerce (BCC), said: “Businesses need to be proactive about ensuring they are ready for the new data protection regulations when they come into force this time next year, and not leave preparations until the eleventh hour. Those firms that don’t fulfil the necessary responsibilities leave themselves vulnerable to tough penalties, not to mention public scrutiny.
“With twelve months to go, there are a number of procedures businesses should be reviewing to determine what changes may need to be introduced to be compliant. Businesses that are already vigilant about their data protection responsibilities won’t be unduly burdened by the new legislation.
“The General Data Protection Regulation is intended to reflect modern working practices in the digital age, and will strengthen consumer trust and confidence in businesses. It will establish a single set of rules across Europe, which will make it simpler and cheaper for UK companies to do business across the continent, even after we leave the EU.”