The EU’s GDPR (General Data Protection Regulation) comes into effect on 25 May 2018 and will require major changes to the way organisations store, manage and process personal data.
Many businesses have yet to start preparing to meet the new processing requirements – citing as an excuse confusion over whether GDPR compliance will be necessary as the UK is leaving the EU, even though Brexit will take place a year after GDPR comes into effect.
And now, there can be no excuse, as the UK Data Protection Bill – details of which were announced yesterday, Monday 7 August 2017 – demonstrates the UK government’s commitment to the principles of GDPR, and “will bring the European Union’s General Data Protection Regulation (GDPR) into UK law,” (Department for Digital, Culture, Media & Sport).
The Bill is designed to give individuals greater control over their personal data, and businesses will face heavier fines for non-compliance, with the data protection regulator, the Information Commissioner’s Office (ICO), authorised to issue fines of up to £17 million or 4 per cent of global turnover for the most serious data breaches.
Matt Hancock, Minister of State for Digital said, “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.”
The Bill will:
- Broaden the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
- Make it simpler for the public to withdraw consent for the use of personal data
- Enable individuals to request that personal data held by an organisation be erased
- Enable parents and guardians to give consent for their child’s data to be used
- Make it obligatory for ‘explicit’ consent to be given for the processing of sensitive personal data
- Make it easier – and free – to require an organisation to disclose an individual’s personal data, and easier to move data between service providers
Matt Hancock, Minister of State for Digital said, “The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.”
With many organisations unsure of where to begin with their preparations for GDPR compliance, Vuzion has put together a package of collateral and advice forums to help partners support their customers.
“We’ve created a three-stage approach to enable partners to guide customers through what can seem a daunting challenge,” says Michael Frisby, Vuzion MD. “The first phase is for the customer to define requirements, then to create a detailed plan of what’s needed to meet those requirements, and finally to look to the technology – solutions and services – available to help deliver those changes.
“Each phase is backed up by activities partners can offer their customers, with webinars, workshops, corporate assessments and clinics hosted by an independent GDPR implementation consultant. The Vuzion team are here to be able to advise partners on the technology requirements.”