Following the EU's introduction of its General Data Protection Regulation (GDPR), the UK government has proposed its own rules to integrate European standards into UK law.
This will require British companies to enforce more stringent data protection procedures, so it's important businesses are aware of the implications for their operations.
Primary principles
The proposed regulations aim to give people more control over their personal data. To achieve this, businesses will be expected to:
- Get consent before collecting or processing sensitive personal data. That means explaining why your business needs the information and making it clear how the data will be used.
- Allow people to withdraw their consent and request the deletion of their data.
- On request, provide people with the data they’ve supplied, in a common, easy-to-use format. All the personal information you store must therefore be searchable and ready to export and share.
- Ensure anonymous data can’t be used to identify individuals. Allowing users to be identified from anonymous sources will become a criminal offence.
Impact on businesses
The main thing to remember is that these proposals incorporate EU standards into UK law, so they will ensure that businesses of all shapes and sizes are still able to trade with continental customers within the current pre-Brexit framework. What’s more, 80% of UK consumers already consider their data to be personal property, so this brings legislation into line with popular opinion, which is no bad thing.
However, complying with these changes will require work for any business that routinely collects or processes employee and customer data. The number of businesses affected will also increase, because the new law redefines personal data to include IP addresses, internet cookies and DNA.
Potential costs
As well as the overall cost of implementing these rules, companies should be aware that the Information Commissioner’s Office (ICO) will have the power to fine businesses that break the rules. These fines can be up to £17m or 4% of global turnover, a big increase on the current maximum of £500,000.
With so much at stake, it’s vital that your business is ready for the new rules.