Friday, 25 May 2018
New and more stringent data processing rules come into force
The EU’s General Data Protection Regulations (GDPR) are driving the biggest change in 20 years in the way businesses of all sizes manage personal information.
And they bring much bigger penalties for firms that fail to comply with the rules or allow personal data to be accessed by third parties, including hackers.
Firms which allow personal data to be hacked or which otherwise flout GDPR could be fined 20m euros or four per cent of global turnover, whichever is the greater. Under previous data protection regulations, the maximum penalty was £500,000.
GDPR applies to all EU-based firms that process data. It also applies to firms based outside the EU but which process data involving EU citizens or from centres in the EU.
The UK is currently part of the EU and, therefore, bound by GDPR. The Government has already indicated that existing EU regulations will be subsumed into UK law before Brexit.
David Pearson, the Chamber’s Director of Partnerships and Membership Services, said: “There is no escaping GDPR and, however complicated it might seem, we urge all our members to make sure they are fully versed about the new rules. The consequences of failing to comply just don’t bear thinking about.
“We will continue to do all that we can to help members understand and comply with GDPR. If you have doubts, we urge you to raise your concerns with the Information Commissioner, to take legal advice or to talk to us so that we can steer you in the right direction.”
To comply with GDPR and to coincide with the launch of a new website and ‘back-office’ customer relationship management (CRM) system, the Chamber has introduced new privacy, cookie and data protection policies, available by clicking on the links attached to each word.
The Information Commissioner’s Office has published guidelines for GDPR, details of which can be found here.