With little more than six months until the EU General Data Protection Regulation (GDPR) compliance deadline, a recent survey has shown that 55% of UK small businesses are still unaware of the GDPR.
Lack of knowledge is high, with 27% of all senior decision-makers questioned at UK organisations unfamiliar with the changes introduced by the GDPR.
The survey also revealed that 20% of senior decision-makers said their organisation is yet to take steps to prepare for the GDPR, with an additional 19% saying they don’t know if their organisation has prepared for the GDPR yet.
Key changes introduced by the GDPR
The GDPR will supersede the current Data Protection Act (DPA) and will extend individuals’ data rights.
The Regulation will be enforced from 25 May 2018 and introduces a number of key changes to data protection laws:
- It broadens the definition of ‘personal data’ to encompass an individual’s mental, economic, cultural and social identity.
- It requires parental (or equivalent) consent to process children’s data.
- It changes the rules for obtaining valid consent when collecting data. Consent must be given by a clear and affirmative action.
- It mandates the appointment of a data protection officer (DPO) for certain companies.
- It requires data protection impact assessments (DPIAs) for organisations that undertake high-risk data processing activities.
- It requires data controllers to report a data breach within 72 hours of discovery.
- It gives data subjects the right to be forgotten.
With organisations facing significant fines for non-compliance (up to 4% of annual global turnover or €20 million – whichever is greater), it is essential that all staff, including senior decision-makers, understand the requirements of the new Regulation and how it will affect them.
Essential resources to understand and comply with the GDPR
Get all the essential resources to develop your understanding of the GDPR and your compliance obligations with the cost-effective EU GDPR Expertise Bundle, which includes:
- An essential pocket guide to get a clear understanding of the GDPR;
- A must-have guide that details what you need to do to comply with the GDPR; and
- An expert introduction to the use of Cloud services and your data protection obligations.