The impending arrival of the EU General Data Protection Regulation is requiring businesses to implement changes. Find out more in our mini blog series, which takes a positive approach to the subject of GDPR whilst making it all a bit more approachable.
Although we have already addressed some GDPR issues, the information surrounding the General Data Protection Regulation can seem overwhelming, and the new regulations become enforceable from the 25th of May. There is a minefield of information out there, but what should you believe, and how can you work out what is relevant to you? We’ve gathered some of the GDPR myths and facts, but can you guess which are true and which are false? Find out below.
TRUE OR FALSE?
1. “There will be a grace period when GDPR is implemented.”
There have been many rumors of a grace period after the 25th of May, but this is simply not true. There have already been two years of preparation and transition for GDPR. Steve Woods, the Information Commissioner's Office Head of International Strategy & Intelligence, has made it clear there will be no grace period, stating: “You will not hear talk of grace periods from people at the ICO. That's not part of our regulatory strategy.” The focus is instead on transparency, control and accountability.
2. “The maximum fine for noncompliance with data protection authorities will rise to 20 million euros, or 4% of 12-month turnover—whichever is greater.”
However, although these figures may seem daunting, it is worth remembering that of the companies that breach GDPR, only a very small number will actually be fined. These changes in regulation are not about fines but about data regulation and ensuring companies take a responsible attitude to the data they hold. So although as a business you must be wary, if you have adequate systems, procedures and policies in place then you shouldn’t have to worry.
3. “GDPR will spur a millennium bug/Y2K situation!?!”
Many rumors have been circulating that GDPR could spur a Millennium bug type situation, when major problems were anticipated with post-2000 data storage due to new governmental regulation. This is a myth. Yes, there is much work and preparation involved in becoming GDPR compliant, but the changes in regulation cannot be the catalyst for what was feared in the approach to the Millennium, i.e. complete digital shutdown. GDPR is an ongoing and evolutionary process which will see many changes over the weeks and months to come.
4. "If we are leaving Europe we don’t need to worry."
GDPR will affect not only companies located within the EU, but will also apply to companies that offer goods or services to, or monitor the behaviour of, EU data subjects. In light of an uncertain Brexit future, what happens in the case of a company's activities being 100% limited to the UK?
It is very likely that the UK government will implement legislation that largely follows the GDPR, given the support the ICO and the UK government have shown for the GDPR as an effective privacy standard. GDPR will also act as a baseline by which UK businesses will be able to seek continued access to the EU digital market. It is therefore highly recommended that companies go ahead with preparing for the changes regardless of what happens with Brexit.
5. "Companies should already be responsible with regards to personal data."
The ICO is the UK's independent body set up to uphold information rights. It was founded in 1984, so data protection regulations have been around for a while. Companies should already have good practices in place to protect data. GDPR should be viewed as a statutory measure to continue the good data protection practices already in place within organisations.
Preparing For GDPR
The most important thing is to be clear and speak to your IT teams to make sure they are ready for GDPR. Beyond that, make sure that your full team is briefed on GDPR, as many data breaches are the result of human error. Read the Okappy series on GDPR, which takes you from getting ready for GDPR right through to reporting data breaches. Make sure you reference reliable sources when seeking out facts surrounding GDPR; in particular, the Information Commissioner's Office has more relevant information about GDPR.