The General Data Protection Regulation (GDPR) has replaced previous legislation and sets the minimum standards for processing data in the EU.
The GDPR has applied to organisations across the world since 25th May 2018. As the GDPR is a regulation, not a directive, it applied automatically to all 28 member states of the European Union, including the UK. Upon the UK leaving the EU, the GDPR will continue to apply and will be absorbed into UK law.
Organisations don’t have to be based in the EU to be bound by GDPR. They only need to be processing or holding data on EU residents in order for GDPR to apply to them.
GDPR compliance is a legal requirement for every organisation. If you control or process personal data relating to EU residents – whether they’re customers or your own staff – you now have to do so in a way that complies with GDPR, with no exemptions based on business size.
Companies that are found to be noncompliant can be fined up to €20 million or 4% of the company’s annual global turnover.
The way companies handle, source and distribute data collected from customers, employees and businesses has been fundamentally changed by the introduction of GDPR. Very few companies have the time, expertise or resources to dedicate to the GDPR legislation, and it can easily be pushed down the priority list.
In December 2018, the Independent reported that half of the 1,000 small business owners questioned were confused by the law when it comes to data protection and privacy. They admitted they are still “clueless” about GDPR - leaving the personal data of millions of employees and customers at risk. As a result, owners and employees alike have made mistakes or failed to have procedures in place which could have resulted in a multi-million pound fine for the business.
Harmful to Business
Personal data breaches and other mistakes significantly harm reputation and share value before any fines or sanctions are taken into account. In 2015, TalkTalk shares dropped more than 10% following a data breach.
Only 20% of companies surveyed believe they are now GDPR compliant.
GDPR Compliance Status: independent research conducted by Dimensional Research on behalf of TrustArc.