Latest News Headlines
Commercial Credit News
|Will you be affected when the Data Protection Act is replaced?|
|Tuesday, 18 October 2016|
If you hold data on individuals, you will be affected when the Data Protection Act is replaced by the General Data Protection Regulation in 2018. This change will bring significant implications to any businesses processing personal data, particularly those with e-commerce, marketing, retail and wholesale business operations.
The EU GDPR directive which comes into force on the 25th May 2018, aims to protect privacy and personal data with clear penalties for those who fail to comply with the legislation.
This will include new measures and procedures for handling all personal data, which covers any data by which an individual may be identified, and for ensuring such data is processed and used in accordance with this new legislation.
What is "Personal data"?
This act covers all data and meta-data held about employees, prospects, customers, suppliers or anyone else, where they are referred to as an individual, opposed to a company. For example this does not apply to a company recorded as "Some Org Ltd", but would apply to "Joe Bloggs, Managing Director at Some Org Ltd". Therefore any company that stores names and addresses is likely to be required to comply with this regulation.
Post-Brexit - does this still matter to me?
When the directive comes into force in 20 months, the UK will still be governed by EU regulations. At a point when the UK leaves the EU, the GDPR directive will be used by the UK as a base for writing a replacement data protection directive. What's more, if UK organisations intend to trade with EU organisations, they will need to adhere to the GDPR, so this matters to most businesses regardless of Brexit.
How does GDPR differ from the current Data Protection Act?
Overall, the scope of GDPR is greater than the DPA, and it is easier to define the point when breach occurs. More responsibility is placed on the holder and processor of data and full control is firmly with the owner of the data.
The key changes include:
When data is collected, the purpose of this must be made clear
A company must delete data if no longer used for the purpose it was collected
The subject has the right to be erased on request
Firms handling a large amount of data, or sensitive data, must appoint a data protection officer (DPO)
All businesses in the EU must be complaint, as must companies trading with organisations within the EU
Surprisingly, 44% of IT professionals are uninformed of these new rules according to Computer Weekly, and in our experience, very few companies we have talked with have even heard of the impending General Data Protection Regulation.
The changes are significant and compliance will be challenging without data systems that provide key GDPR functionality.
Forums International Ltd
Attendance at your first meeting is free of charge, and please quote reference 'CCR2016' to receive the special 10% discount off of your first annual subscription.
Find out more here.
The latest edition of CCR Magazine, the leading editorial publication in the UK credit industry, is out.
CCR is the premier magazine for consumer and credit professionals. It provides an independent voice to the industry, breaking major news stories and running in-depth features.
As a magazine, it works with and campaigns on behalf of the credit industry to promote its importance as a centre of potential profit and business development to the wider business world.
Providing information and analysis for thousands of senior credit professionals worldwide, every quarter.
GTS Media Ltd
81 Cambridge Road
Registered in England No: 05483197