On 14th April 2016 the European Parliament voted to adopt a new data protection law for Europe. Under the General Data Protection Regulation, data protection law will be significantly tightened and individuals’ rights to bring claims will be strengthened.
The new Regulation is due to take effect in 2018 and will impact all business sectors, even if Britain has already left the European Union by this time. It seems very likely that any replacement data protection laws will follow similar lines. Key potential challenges for SME businesses include:
- Fines will rise to as much as 4% of global turnover
- Increased enforcement powers could lead to a higher number of prosecutions
- Consent will be harder to obtain
- Stricter data breach notification rules
- Data processors will also be subject to enforcement actions
- A requirement to perform data protection impact assessments to identify and address privacy risks in all new products
The new Regulation brings into focus the importance of data risk management. To help mitigate data risks, control of data should form an important part of any SME's business continuity plan.
We are all using data in some way, from sales prospecting through to managing client relationships. If your business turnover is in excess of £1 million per year then a 4% fine (i.e. £40,000 or more) could have a major impact on cash flow and profit margins.
This major piece of legislation will affect all businesses, and we recommend that you start considering now how it may affect you.
Sources:
- Guide to The General Data Protection Regulation, British Insurance Brokers Association, 2016
- Technical Insight: Proposed changes to EU data protection legislation, Willis Towers Watson Networks