What you need to know about the new GDPR rules and how they will affect your business
General Data Protection Regulation or GDPR is for businesses and organisations that have a day-to-day responsibility for data protection, however, all firms should make sure they’re up-to-date with the new GDPR rules as they may still impact your organisation.
GDPR will come into action in the UK from 25th May 2018, and highlights similarities between the existing UK Data Protection Act 1998, as well as describing some of the new requirements for businesses.
Whatever your situation, Alexander & Co can provide a variety of services including Family Business Accountants; Corporate Finance Accounting and Growth Business Accountants, to advise your organisation on the best way to approach the new initiative.
In order to make sure you’re prepared for GDPR 2018, we’ve put together this useful guide with all the information you’ll need to know about GDPR and how these new rules may impact your business.
Who and what does GDPR apply to?
Similarly to the UK Data Protection Act (DPA), GDPR applies to ‘controllers’ and ‘processors’, so if your organisation is currently subject to the DPA, the chances are that the new GDPR rules will also apply to you.
The new rules apply to data processing activities being carried out within the EU, however, it also applies to firms outside the EU who provide goods and services to those within the EU.
The type of information that GDPR applies to includes personal data and sensitive personal data, however changes in the new legislation provide clearer definitions of these terms.
If you’re unsure about your obligations after the new GDPR rules are enforced, get in touch with our experienced accountants to get expert, professional guidance.
What are the key changes?
The original EU legislation was established in 1995 and since then the way we process, protect and create data has changed dramatically. The new legislation has adapted to reflect these technological advancements, and there are a few important changes that organisations should be aware of.
Organisations can no longer use long-winded and complicated terms and conditions as the request for consent. Tougher consent conditions are being enforced so that organisations must request consent in a clear and easily accessible format in plain, intelligible language.
Under the new GDPR rules, firms can be fined up to 4% of annual turnover or €20m euros, whichever figure is greater. This may seem like an extortionate figure, however, this is the maximum penalty for the most serious violations.
There is a tiered approach to fines, for example, firms can be fined up to 2% of total worldwide turnover for less serious breaches.
Right to be forgotten
This entitles the subject of the data to have the controller erase their data, and prevent further use of the data. This can occur whether the subject of the data withdraws their consent for their information to be used, or if the included data is no longer relevant to original processing purposes.
How can Alexander & Co help?
Here at Alexander & Co, we understand the importance of keeping your personal and sensitive information safe and secure. With the introduction of the ‘Making Tax Digital’ government initiative, data protection is now becoming more important than ever.
Our experienced advisory team can walk you through what the implications of the new GDPR rules will be for your organisation, and make sure any adjustments needed are made in due course.