A new UK data protection law being on its way does not mean it is safe to ignore the new European legislation.
News of the UK bill may have reinforced a misconception held by some business people in Sussex, Surrey and Kent that there is no need to worry about the EU General Data Protection Regulation (GDPR), which applies from May 2018.
That is not true. The government has already stated officially that the new law will carry the GDPR into UK law. It is essentially a cut-and-paste job, intended to make it easier to do business in Europe after Brexit.
Right to erase data
Like the GDPR, the UK legislation proposes to make it simpler to withdraw consent for the use of personal data. It allows people to ask for their personal data to be erased and parents will have more control over how their children’s data is used. The definition of personal data will be expanded to include IP addresses, internet cookies and DNA. These are just a few of the many tighter requirements the new UK law will impose.
The penalty for non-compliance could be as high as £17 million, or 4 per cent of your company's annual worldwide turnover, whichever is greater.
That is far more than the £500,000 maximum under the current UK Data Protection Act. Unlike the old law, the GDPR also requires personal data breaches to be reported to the regulator (in the UK, the ICO) within 72 hours of the organisation becoming aware of them, unless the breach is unlikely to pose a risk to the people affected, and the affected individuals must be told directly when the risk to them is high. The UK law is likely to mirror this. Meeting a 72-hour deadline in practice means having an incident response process, contact details for the regulator and a decision owner worked out before a breach happens, not during one.
So, it is essential for companies across the South East to take a serious look at every data-related aspect of their business before the new rules take effect. In fact, it is best to be compliant with the EU's requirements before May 2018, because you may have partners who trade in Europe or customers from the continent, and the GDPR applies to any organisation handling EU residents' data regardless of where it is based.
A structured starting point is the government-backed Cyber Essentials scheme. Certification covers five basic technical controls (boundary firewalls, secure configuration, user access control, malware protection and patch management), and the Plus level adds independent technical testing. That addresses the GDPR's requirement for appropriate technical security measures, but it is not a full information security management system (that is the territory of ISO/IEC 27001) and it does not cover the data protection obligations themselves: knowing what personal data you hold and why, having a lawful basis for processing it, honouring individuals' rights and keeping records of processing. Those need their own review.
The ongoing threat of cyber-crime is one big reason why data needs to be stored securely and backed up.
This has been a painful lesson for major companies such as FedEx and its subsidiary TNT Express. FedEx was hit by the WannaCry ransomware outbreak in May 2017, the same attack that badly affected the NHS, and TNT Express was then crippled by the NotPetya outbreak the following month; both are reported to be still recovering. Whatever the state of their backups, the length of the disruption is a stark reminder for businesses of all sizes: backups only help against ransomware if they exist, have actually been restored in a test, and are kept somewhere the malware cannot reach, because a backup share writable from an infected machine will simply be encrypted along with everything else.
Gary Jowett from CNC in Brighton says: “Data protection regulations are being tightened up for the benefit of everyone. So, all UK businesses have to be prepared. The simple fact is the UK will continue to do a substantial amount of trade with its European neighbours and must therefore follow the same standards for data storage and use.”