It is on its way: GDPR, a new piece of EU legislation, will be introduced on 25th May 2018 and applies to all.
It will replace the current Data Protection Act (DPA) and seeks to unify data regulations within the EU whilst giving people greater control over their personal information.
Even though GDPR is an EU initiative, Brexit will not affect its introduction in the UK.
What is personal data?
The European Commission states that personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer's IP address.
The upcoming GDPR requirements present some significant challenges for recruitment agencies, for example:
What should we do:
What happens if you are breached?
The definition of a data breach is something that causes harm to people because their personal details are compromised. It does not necessarily mean harming the integrity of the business or loss of finances.
In the case of a personal data breach, data controllers shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority unless the personal data breach is unlikely to result in a risk for the rights and freedoms of natural persons/individuals.
As this applies to any business, I would urge you to speak to all your suppliers and clients to ensure that you have everything in place, as the clock is ticking to make sure that you are compliant.