With new data protection laws just four months away, the government has handed final guidelines to business owners yet to prepare for its requirements.
In April 2018, the data protection bill will bring the EU’s General Data Protection Regulation (GDPR) into UK statute books. Primarily, the bill will make it easier for consumers to withdraw consent for the use of their personal data.
The bill will arm the Information Commissioner’s Office (ICO) with greater powers to hold non-compliant organisations accountable. The highest fines for the most serious data breaches will reach £17m or four per cent of turnover.
Fewer than half of UK business owners are aware of new data protection laws, according to new government research, while a quarter of those who were aware had made changes to cyber security procedures by hiring new staff and updating anti-virus software.
Further to the government’s findings, research from Mailjet has found that startup businesses could be the least GDPR-compliant. Only 29 per cent of startups surveyed actually encrypted collected data, while just a third had a data breach notification plan in place.
To support business owners yet to understand new requirements, the Department for Digital, Culture, Media and Sport (DCMS) has provided final guidance for firms.
Owners have been advised to document what data the business holds, review privacy notices and consider how it would delete personal data if asked. Hiring a dedicated data protection officer could also help guarantee full compliance.
Speaking from the World Economic Forum in Davos, secretary of state for digital, culture, media and sport, Matt Hancock, said: “We are strengthening the UK’s data protection laws to make them fit for the digital age by giving people more control over their own data.
“And as these figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill.
“There is a wealth of free help and guidance available from the Information Commissioner’s Office and the National Cyber Security Centre, and I encourage all those affected to take it up.”
Commenting on the incoming legislation, UK information commissioner Elizabeth Denham said its reforms would “put consumers and citizens first” and force organisations to become transparent and accountable for their actions.
“This is a step change in the law; businesses, public bodies and charities need to take steps now to ensure they are ready,” she said.
“Organisations that thrive under the new rules will be those that commit to the spirit of data protection and embed it in their policies, processes and people.”
Denham added that companies fully compliant with GDPR generate better consumer trust and gain a competitive advantage.