How Will GDPR Affect Your UK Business?


Despite having almost 2 years to prepare, many business owners are still feeling confused over the upcoming General Data Protection Regulation. It’s a confusing time for many, but there is still time to get a good understanding of what’s around the corner and prepare the business in time for 25 May 2018.

The purpose of the EU’s GDPR is to provide consumers with a lot more control over their personal data and how it is used by businesses. Personal data is often sold, swapped and even hacked into, leaving consumers open to unwanted contact and at risk. Protection will increase once the GDPR comes into force, as the definition of personal data will include IP addresses along with biometric and genetic data, expanding on the current names, addresses, and photos.

GDPR Security Breach Reporting

Any data breach must be reported by the firm within 72 hours if the breach puts the rights of the affected individuals at risk. The organisation will have to report to the Information Commissioner’s Office and, in serious cases, to everyone that has been affected via direct contact.

Any organisations that fail to comply with the GDPR face rather expensive fines. The first level fine is up to €10 million or 2% of the organisation’s turnover of the previous financial year, whichever is higher. The second level fine is up to €20 million or 4% of the annual turnover of the previous financial year, whichever is higher.

The first level fine will be for infringements that are found in Article 83(4) of the GDPR. The infringements, which will be considered on a case-by-case basis, include failing to report a breach. The second level fine will apply when organisations fail to ask for consent, and for other infringements that relate to the rights of the data subject, the transfer of personal data to a third country and so on.

Don’t Ignore the GDPR

There is plenty of time to get things in place before the GDPR comes into effect on 25 May 2018. Read our last article titled ‘How to Prepare Your Business for GDPR’ for further information.