In light of recent revelations about personal data on social media, data protection has become a more common topic of conversation. New changes this month will ensure that it stays a hot topic. In April 2016, after a lengthy period of debate and preparation, the General Data Protection Regulation (GDPR) was approved by the European Union Parliament. This new regulation is set to come into force on the 25th of May 2018 and any companies found to be non-compliant may face rather severe fines. With that in mind, we want to ensure that all of our clients and friends are well informed, so today we will discuss the main points of note ahead of this enforcement date.
In essence, the GDPR will replace the existing Data Protection Directive 95/46/EC and has been formulated in order to standardise data protection and privacy laws across Europe. The regulation is also intended to empower organisations to take data privacy increasingly seriously and to fully understand the impact this can have on a business.
Regardless of the location of your company, if you are an entity which offers goods, services or data exchanges to EU subjects then the GDPR will apply to your company. For our British neighbours, there exists a level of uncertainty with Brexit continuing to loom. For all businesses having dealings in data with the UK, it would be advisable to apply the same rules to data coming to and from the UK as to data staying within the EU. There will likely be legislation put in place which may stay in line with the GDPR but, in order to avoid issues, it is advisable to treat non-EU entities and their data in the same strict manner.
It is important for companies to make themselves aware of what actually constitutes personal data. In its most common form, personal data is any information on an individual which could identify them. Anything from photos, bank details, addresses, certificates etc. can constitute personal data, and consent must be given for this information to be retained. If your company deals with personal data in any way, it is essential that new actions be taken to protect this data in the wake of these new rules.
Penalties for non-compliance can be as severe as fines of 4% of annual global turnover, with the most serious infringements carrying a maximum fine of €20 million. There will of course be a tiered system in terms of infringements.
For further information, we recommend visiting the website of our friends at Chartered Accountants Ireland, where they have put together a concise and informative booklet which will discuss everything you need to know about the GDPR.
Should you require any help, advice or guidance on any financial or business matters, please don’t hesitate to get in touch with us here at EcovisDCA, where we will be happy to support you in getting your business to the next level.