Feb 2, 2017, Industry insights
Data protection - What does it mean for you?
Continuing on from our recent article ‘Data protection – The new legislation’, it’s fair to say data protection has been on the boardroom agenda for many years; however, this proposed new legislation will bring data legislation and regulations into the digital era and is set to raise the stakes even further.
As we mentioned in our previous article, businesses that are involved in data processing will have to evaluate their data usage to establish whether they meet the criteria that would require them to appoint a data protection officer. It’s possible that every business with 250 employees will be required to appoint this position; however, this is part of the legislation that’s still to be agreed. In addition, as it is the UK that’s opposing this part of the legislation, once you include Brexit in the mix, this may not form essential criteria.
Data protection officers will be responsible for managing and maintaining high levels of data security. As this is a newly defined role, however, each business will need to determine its own requirements for the position. It’s likely these individuals will have a good knowledge of data protection law; they may have professional qualifications in this area and understand what steps need to be taken to ensure the business remains compliant.
Part of their remit will be to ensure the business doesn’t experience any data breaches. To date, data breaches have been dealt with inconsistently: there is currently no obligation to report a data breach, and only the risk of a fine if a business breaches any of the data protection laws.
With the new legislation, the General Data Protection Regulation and the EU Data Protection Regulation will ensure businesses maintain data in a highly secure manner. Any data breaches will need to be reported promptly, and it’s thought they will enforce stricter penalties, of up to 2% of global turnover, for data failures and breaches.
The onus will be on businesses to ensure their data protection measures fully mitigate any data loss and security breaches, which will include external threats such as hacking and cyberattacks.
With this in mind, businesses are going to have to do more to ensure they remain safe and secure – it could be the difference between thriving and failing.
Our next article looks at how businesses will need to do more to remain compliant.