Businesses must take action to prepare for new data protection responsibilities

25th May 2017

With a year to go until the General Data Protection Regulation comes into law, the British Chambers of Commerce (BCC) is urging businesses to start preparing to ensure that they are compliant with the legislation when it comes into force.

From 25 May 2018, all businesses that hold personal data will have to guarantee that their data procedures are fit for purpose and compliant with the new regulation. While the GDPR is an EU-initiative, the UK government has already made it clear that the legislation will still take effect in the UK after Brexit. Businesses that are found to be non-compliant risk potential fines of up to €20 million or 4% of annual worldwide turnover. Chambers of Commerce around the country are urging their members to start taking the necessary preparations to ensure they are ready for the regulation. Steps for businesses to take include: Document what personal data the company holds, where it came from and who it is shared with. Firms may want to consider organising an information audit or speaking to a data expert Review current privacy notices and plan for any necessary changes needed before the implementation deadline Check procedures to ensure that they cover all the rights individuals have under the new rules, including how to delete personal data or provide data electronically if needed Review how the company seeks, obtains and records consent from individuals, and whether any changes are necessary Ensure the right procedures are in place to detect, report and investigate a personal data breach Determine whether a Data Protection Officer is required, and designate one if so, to take responsibility for data protection compliance and assess how the role will sit within the organisation. For more steps on preparing for the General Data Protection Regulation, businesses should revert to the Information Commissioner's Office checklist. David Riches, Executive Director at the British Chambers of Commerce (BCC), said: -Businesses need to be proactive about ensuring they are ready for the new data protection regulations when they come into force this time next year, and not leave preparations until the eleventh hour. Those firms that don't fulfil the necessary responsibilities leave themselves vulnerable to tough penalties, not to mention public scrutiny. -With twelve months to go, there are a number of procedures businesses should be reviewing to determine what changes may need to be introduced to be compliant. Businesses that are already vigilant about their data protection responsibilities won't be unduly burdened by the new legislation. -The General Data Protection Regulation is intended to reflect modern working practices in the digital age, and will strengthen consumer trust and confidence in businesses. It will establish a single set of rules across Europe, which will make it simpler and cheaper for UK companies to do business across the continent, even after we leave the EU.

You might also be interested in

The big switch-off is coming. Are you prepared?

Thu 30th June 2022

We’ve seen significant changes across the workplace in recent years to support greater collaboration, and another major milestone is fast approaching.

Import Safeguarding - What does it mean?

Thu 30th June 2022

We have the latest information on Safeguard measure that was published on 22nd June which will have an impact on businesses in this region.

Sheffield Chamber are looking for a new printing contract!

Tue 28th June 2022

Could you help our team by providing specialised printing equipment that we need to produce vital exporting documentation for our members?

St Luke’s Joins Chamber as Patron in 50th Year

Fri 17th June 2022

St Luke’s has joined Sheffield Chamber as a Patron as it celebrates its 50th year.