What is GDPR and should it be of concern to us?

GDPR, or the General Data Protection Regulation, comes into force on May 25th, when it overrides the Data Protection Act of 1998. It affects every business in the UK.

History: When the Data Protection Act first came into being in 1998, the digital world was a very different place from the one we know today. Designed to protect an individual’s personal data, the Act was developed to control information in a completely different landscape, in which Windows 98 was just taking over from Windows 95 and those of us who could access the World Wide Web did so via dial-up internet access, using our modems. Google was only just emerging as a search engine, and flat-screen monitors were still to be invented.

Clearly, any attempt to establish the protection of an individual’s data that was created last century is no longer relevant in the modern digital age; we’ve moved a long way. That’s why GDPR has been created: to bring data security and accountability up to speed with the way we interact with each other digitally these days. The regulations will apply throughout Europe when they come into force and will affect anyone who interacts with the European market, even if they are based elsewhere in the world.

GDPR affects every business. Don’t assume that the regulations won’t apply once Brexit comes into force, either, as GDPR will still apply. The Government plans to make one or two necessary changes to suit the changing circumstances of the UK, but it’s anticipated that GDPR will become enshrined in British law, so it’s important to keep up to date with the necessary requirements.

Complying with GDPR is a complicated process that affects every aspect of running a business, from ensuring that you document absolutely everything related to IT, to instigating training programs for every member of staff. Lack of knowledge about the regulations is no excuse for failure to comply with them, and breaches will cost you dearly, in the form of hefty fines, which could be as high as 4% of your annual turnover. So don’t ignore them.

The regulations are extremely complex, so it’s worth arranging an overview of your systems and processes, as well as of where you save any data. Hire a professional who has extensive training in the new laws – that’s what we’ve done here at Brookstone, as we want to make sure that we’re on the right side of the law. Yes, it costs money, but any breaches in your data could end up costing you considerably more, so we think it’s a price well worth paying.