In May 2018, the EU is implementing a new law that will change the way businesses collect, store and use personal customer data. The General Data Protection Regulation (GDPR) is an overhaul of the 1998 Data Protection Act (DPA), which was brought in when the internet was still in its infancy. The GDPR reflects the ways in which the internet is used nowadays.
Businesses that do not comply with the new law will face fines of up to 4% of their annual turnover. Because compliance involves a lot of complex information and admin, businesses are being encouraged to start updating their data protection policies and procedures as soon as possible.
The main difference between the GDPR and the current DPA is that customers will now have control over how their data is used and whether it is collected in the first place. Companies will need to gain consent from consumers before gathering their data, and will be subject to strict rules about how it is used – e.g. justifying why they need the data, showing how they will protect it, and upholding customers’ rights to access their data and object to its use.
GDPR is all about helping businesses keep their customers’ data safe in a digital world where more private information than ever before is shared and cybercrime is a constant threat.