The way personal data can be used is set to change with the EU’s new General Data Protection Regulation. And yes, Brexit means it is still going to happen. Here’s a brief look at what you need to know and do.
- The 1998 Data Protection Act will be replaced by GDPR.
- GDPR gives people the right to access information companies hold about them.
- Parents and guardians will also have control over where a child’s data is used.
- Companies have to provide the information within 30 days of a request.
- Companies must follow guidelines and get proper consent when collecting information.
- Fines will be tougher for non-compliance or breach.
- Companies have 72 hours to notify people and the Information Commission about a breach.
- Businesses have until 25 May 2018 to get everything sorted (the law changed on 24 May 2016 and there has been a two-year transition).
- The maximum penalty for breaching the rules is £17.5m or 4% of global turnover, whichever is higher.
- Brexit makes no difference. The law is happening.
[It will] give consumers the confidence that their data is protected and those who misuse it will be held to account.
Matt Hancock, Minister of State for Digital