Businesses prepare for data protection regulation

6th June 2017

The British Chambers of Commerce (BCC) is urging businesses to prepare for the General Data Protection Regulation which comes into force on 25th May 2018.

All businesses that hold personal data will need to make sure their procedures are fit for purpose and compliant, with these new rules being put in place.

Legislation will impact UK businesses post-Brexit, and if found non-compliant, may result in potential fines of up to £20 million – or 4% of their annual global turnover.

BCC has issued the following steps to its members:

• Organise personal data the company holds, where it’s sourced from and who it is shared with
• Review privacy notices and plan for changes before the new law comes into force
• Review the process of seeking and obtaining record consent from individuals
• Ensure procedures are in place to detect, report and investigate personal data breaches
• Designate a Data Protection Officer (if needed) to take responsibility for data protection compliance.

David Riches, executive director at BCC, said:

“The General Data Protection Regulation is intended to reflect modern working practices in the digital age and will strengthen consumer trust and confidence in businesses.

“With 12 months to go, there are procedures businesses should be reviewing to determine what changes may need to be introduced to be compliant.

“Businesses that are already vigilant about their data protection responsibilities won’t be unduly burdened by the new legislation.”

Contact us for advice on how these changes may affect your business.