The Data Protection Act is changing, no longer business as usual.
- Gerard Conway
- Mar 6, 2018
With the Data Protection Act changing and the GDPR and e-privacy regulations coming into place, you can no longer just pay your £35 to the ICO and go about business as usual... here's why.

General Data Protection Regulation (GDPR) and the new e-Privacy Regulation
“There is this misconception by business owners that buying a piece of software will solve all of your GDPR problems”
THINK ON!!!
We believe that “Preparation for the GDPR cannot start early enough!” The General Data Protection Regulation (GDPR) applies in the UK from 25th May 2018, and businesses will need to get a head start on implementing controls and measures to comply with the stronger, tighter regulations. While they are not a legal requirement under the DPA, the GDPR has made Data Protection Impact Assessments (DPIA), sometimes referred to as Privacy Impact Assessments, mandatory for all processing activities in a business that are likely to result in a high risk to the rights and freedoms of natural persons.
What is the new e-Privacy Regulation?
The e-Privacy Regulation, which will replace the current e-Privacy Directive and will apply to all Member States, will come into effect at the same... It will update the existing law to cover instant messaging, web-based email, metadata, cookies, direct marketing and online marketing.
When is it coming into force?
The Commission’s aim is for the regulation to apply from 25 May 2018, which is purposefully the same date as the GDPR comes into force. It is important to consider the new e-Privacy Regulations alongside the impact of the GDPR for your business and obtain advice if necessary.
Who will the regulation apply to?
The regulation covers all businesses that provide publicly-available ‘electronic communications services’ which process data, utilise online tracking technologies or engage in electronic direct marketing. This is much broader than the current directive and captures many more businesses.
It is intended to apply to newer platforms and media such as: WhatsApp, Gmail, Facebook messenger, Skype, machine-to-machine communication (the Internet of Things), dating apps and video games – as long as there is a ‘communication’ element.
Direct marketing
The restrictions on unsolicited marketing communications will also apply to ‘electronic communications services’ e.g. by text, automated call or email.
Marketing callers will have to use their number (no more blocking caller ID) or use a specific marketing-only prefix, which will increase transparency to the consumer.
Why have both the GDPR and the e-Privacy Regulation?
The GDPR focuses mainly on the business processes, whereas the new e-Privacy Regulation will apply to both individuals and businesses. The new regulation will give individuals and businesses specific rights that are not covered in the GDPR, for example, the right of confidentiality and integrity of the users' device (e.g. smart phones and tablets).
We would recommend working through a specifically designed GDPR Checklist and answering all questions (where applicable). This gives you a written list of the areas where your business has gaps that are non-compliant or where you just need to make some improvements.
Our checklist is extensive; however, businesses big and small must comply with the GDPR and, except for Article 30 (records of processing activities), there are no limited or diluted exceptions or conditions based on size. It is all about the type and volume of the personal data you process, which is not dependent on how many employees you have!
Is there a cost for non-compliance? YES!!!!
Penalties under the GDPR
The Regulation mandates considerably tougher penalties than the DPA: organisations found in breach of the Regulation can expect administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater.
Fines of this scale could very easily lead to business insolvency.
How can Cahoots business consultant help?
Contact us today at info@cahoots.co.uk and receive a £100.00 discount off your business impact assessment, and we will go into the implications and responsibilities in more detail.
Your business needs to be compliant, but if you don’t have the time or the knowledge, let us help you to take away the pain of GDPR and the e-Privacy Regulation.