The new data protection regulations make very dry reading; that said, we all need to comply. In short, it would appear that the maximum fine for breaching the Data Protection Act is currently £500,000. Under the new rules, from 2018 the maximum fine for breaching the GDPR will be €20 million or 4% of global turnover (whichever is higher).
From what I understand, the General Data Protection Regulation (GDPR) is a new law that will replace the Data Protection Act 1998 and will apply in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR... I wonder!
The ICO (Information Commissioner’s Office) can act to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. The ICO has the power to impose a monetary penalty on a data controller of up to £500,000.
Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
• fairly and lawfully processed;
• processed for limited purposes;
• adequate, relevant and not excessive;
• accurate and up to date;
• not kept for longer than is necessary;
• processed in line with your rights;
• secure; and
• not transferred to other countries without adequate protection.
Information Commissioner Elizabeth Denham said:
“All organisations have to get ready for the new data protection rules, but we recognise that the 5.4 million small organisations in the UK face particular challenges.
“Small organisations want to be ready when the new law comes into force in May 2018, but they often struggle to know where to start. They may have less time and money to invest in getting it right and are less likely to have compliance teams, data protection officers or legal experts to advise them what to do.
“Our new phone service and all the other resources already on our website plus even more advice and guidance yet to come will help steer small businesses through the new law.”
What you need to do
For more information go to:
SMEs should dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support. As well as advice on preparing for the GDPR, callers can also ask questions about current data protection rules and other legislation regulated by the ICO, including electronic marketing and Freedom of Information.