In the next month or so, the Data Protection Bill will replace the current Data Protection Act and will also incorporate the GDPR into national UK law.
This means that even after Britain leaves the EU, businesses will need to comply with the same EU rules for UK citizens. GDPR will give citizens far more control over their data, and it will also give EU regulators more power to deal with companies that fail to secure the data of EU citizens. Under GDPR, fines as high as €20m (or 4% of global turnover, whichever is greater) can be handed out to businesses that are in breach of the regulation.
Key requirements under GDPR:
Organisations must inform regulators of all breaches within 72 hours of becoming aware of them.
Organisations must also inform regulators of the measures taken, or proposed, to mitigate the breach's effects.
If the breach is sufficiently serious to warrant notification to the affected customers, the organisation responsible must notify them without undue delay.