A survey carried out by leading data security firms LogRhythm, Gigamon and ForeScout Technologies has revealed that only 47% of UK businesses are aware of the new GDPR (General Data Protection Regulation) data regulations that are due to come into force in 2018. Just as worryingly, many of those that are aware of the new GDPR requirements are taking an approach described as ‘wait and see’ until the UK’s strategy for leaving the European Union is fully decided.
The new GDPR regulations that will come into force in 2018 will bring sweeping new requirements for e-commerce businesses across Europe in the way that they control and manage personal data. There will also be significant fines for any organisation that breaches or does not comply with the new regulations.
The European Union GDPR Regulations Are Not Just For EU Members
However, those UK businesses that are choosing to take a ‘wait and see’ approach are doing themselves no favours, as they will be required to comply with the new regulations regardless of how Britain’s exit from the European Union pans out. This is because, however the UK comes out of the European Union, businesses that want to trade with Europe will need to follow and comply with its data security requirements as spelled out in the European Union General Data Protection Regulation.
This means that amongst other things they will be required to:
- Erase data when a customer chooses to exercise their ‘right to be forgotten’
- Gain explicit consent to collect any form of personal data
- Request data in a way that is clear and in plain language. It must also be asked for separately from other terms, information or conditions, and customers must give it freely, not because they feel forced to.
- Allow customers to access and see their own data and give them a copy of it should they ask for it. This copy should be in a common, readable format that the person is able to access.
For some businesses in the EU, and for those wanting to trade with the EU, many of these requirements will be relatively easy to implement if they have kept on top of their regulatory requirements and planned ahead for the strategic introduction of GDPR compliance. For many others, however, the move to compliance will be daunting. The key for many will be investing in a ‘middle layer’ that can ‘talk’ to and extract data from existing legacy systems and gather the required information down to individual customer level. Whilst this will require some investment, such a solution will be much cheaper and more cost-effective than making wholesale changes, and will see the business meeting all of its European Union General Data Protection Regulation requirements.
For all businesses, both in the EU and outside it, there is no alternative but to make a start on ensuring that they are compliant with the new European Union GDPR regulations if they want to trade with EU member countries.