Businesses must prepare for new data protection rules

New data protection rules, which could have a major impact on the business community, put under the spotlight at recent Cardiff Business School Executive Education Breakfast Briefing (27 July 2017).

Helen Iles, Senior Associate and Head of Training at Hugh James, delivered a highly informative and important session on data management and new EU General Data Protection Regulation (GDPR).

The GDPR is a regulation which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection within the European Union (EU). It applies to ‘controllers’ and ‘processors’ of data.

Adopted in April 2016, the GDPR will come into force on 25 May 2018 and the UK Government has confirmed that the decision to leave the EU will not affect its commencement.

While the GDPR shares similarities with the UK Data Protection Act 1998 (DPA), there are significant differences and new responsibilities and liabilities placed on individuals (the processors).

In the briefing, which was titled ‘If you want peace, plan for war’, Helen’s key message to the assembled audience of business professionals was one of preparedness. She highlighted how everyone – inside and outside of organisations – are users of data and need to: be aware of the changes brought by the GDPR; plan for its implementation; and resource its management appropriately.

Helen stressed that those organisations that are already compliant with the DPA, will mostly be GDPR compliant, but that attention had to be paid to the new requirements created by the new regulation, and the changes to existing standards.

Using the Information Commissioner’s Office’s GDPR overview as a basis, Helen ran through the 12 steps, carefully charting the new responsibilities and areas of liability.

Sarah Lethbridge, Director of Executive Education at Cardiff Business School, said: “The regulation is complex and data management generally can feel overwhelming but Helen’s session was excellent. She calmly, and methodically, outlined for our audience of business professionals the expectations and implications of the GDPR, clearly articulating key areas for further action and attention.

“It was an invaluable session which gave real insight into what the changes are and what next steps organisations need to take to be ready for them.”

For more information about the GDPR, please visit the Information Commissioner’s Officer website.

The next Executive Education Breakfast Briefing will take place in September. Keep an eye on our Twitter and Facebook for details.