With the countdown to the introduction of the General Data Protection Regulation (GDPR) well underway, audit, tax and consulting firm RSM, is urging North East companies doing business in the EU to complete their preparation for the impending rule changes, to help mitigate substantial financial and reputational risks arising from issues of non-compliance.
The new legal framework is the biggest change to data privacy legislation in over two decades, and aims to protect EU citizen’s personal data, regardless of borders or where the data is processed.
The regulations, which come into force in a year’s time on 25 May 2018, will transform how businesses need to store and manage personal data. A failure to comply with the new rules could see businesses facing significant penalties of up to €20m, or four per cent of annual global turnover.
An important factor is to ensure a business’s data processes protect the rights of individuals. Therefore an organised data protection programme will need to be established, with all data activities accurately recorded. This obligation extends to any third-party contractors or partners working with a business, and will present companies with much greater legal liability in the event of error.
David Morris, technology assurance director at RSM, said: ‘In a growing digital economy, where data can be collected and stored within seconds, there is more risk of cyber security breaches, which was highlighted by the recent WannaCry ransomware attack. Therefore it’s increasingly more important to make sure clear processes and safeguards are put in place to protect both clients and companies.’
‘Although GDPR is a welcomed attempt to curb growing fears around how companies use and manage personal information, the new framework will drastically affect the future of stored personal data and increase company accountability. Such a transformation is likely to disrupt internal data practices within organisations. North East businesses must make sure they are ready for what lies ahead and do not get caught out, as the financial and reputational risk could be significant.’