The UK and Europe are currently preparing for their biggest data protection overhaul in decades and since the prior statute was actioned almost twenty years ago, where there’s been a more then sizeable increase in the amount of digital information we create and share, reforms to outdated international legislation have arguably been long overdue.
Data Protection Reform
The UK Data Protection Act of 1998 currently determines how independent firms and public-sector business can use consumers’ information, but it has recently faced widespread criticism by various IT authorities acting as a catalyst for reform.
Going forward it will be replaced by the General Data Protection Regulation, GDPR, which will begin to be enforced on May 25, 2018 for EU member states, including the UK.
Despite Brexit, the Information Commissioner’s Office has ensured Britons that the provisions for the union-wide reforms will be covered in the same way in the UK by the new Data Protection Bill which is set to roll out on the same date.
The new act will affect both individuals and businesses who act as ‘controllers’ or ‘processors’ of data, obliging businesses to better manage their data and giving consumers the right to access the information that companies hold about them. The general remit of GDPR is to safeguard users’ ‘personal data’ such as an individual’s legal name, home address and IP address whilst also protection of ’sensitive data’ such as sexual orientation, ethnicity and religious and political ideologies.
What This Means for Businesses
The changes to data laws will see businesses forced to become more transparent with regards to data relating to their consumers. As per the Data Protection Act, internet users will have enhanced privacy rights allowing them to request access to information held by businesses pertaining to them, however, as of May 25th consumers may also request that data controllers change, restrict and/or permanently delete their personal and sensitive data.
Furthermore, the commencement of more stringent digital regulation means that data controllers will be required to notify the Information Commissioner’s Office within three days of a data breach, detailing the number of records and nature of the data that has been compromised as well as the measures taken to counteract the threat.
Businesses that fail to comply with the imposed digital safety regulation by not providing data upon request; losing customer data or not following necessary digital security precautions may face fines as high as 4% of their global turnover.
How Business Can Prepare for GDPR
Businesses looking to circumvent any risk resulting from this change in legislation are being advised to conduct a risk assessment, analysing where personal and sensitive data is being stored and the security measures that are currently in place to protect them.
Following that, business owners should be better prepared to manage the data that is at their disposal but controllers or data processors may also want to consider installing threat detection and response tools, which can be used to identify any security breaches and mitigate the threat.
Most importantly, businesses should have protocol in place to manage any instances of failure of the aforementioned procedures. A privacy breach response plan could help businesses dispute fines from the ICO and adds an extra layer of security to safeguard the data of customers.
Management Personnel
The introduction of GDPR will mean data protection officers moving into unchartered territory in their field, therefore it is important for businesses to ensure they have individuals with more than just experience at their disposal. Managers must have the ability to adapt to disruption quickly in today’s fast paced economic environment.
If you would like to discuss the implementation of leaders to manage the introduction of GDPR then talk to us. Our assessment techniques ensure that candidates have the experience and skills as well as the behavioral and personality traits to adapt to innovation and changes in legislation alike.
Miramar are a globally reaching Executive Search Firm with offices in the UK and the USA. Contact us for more information on how our executive search consultants can help you build your management teams.