The EU General Data Protection Regulations (GDPR) will completely modernise and update our current data protection regime. Rapid technological developments and globalisation, coupled with a significant increase in the scale of collection and use of personal data, have led to the first shake-up of data protection rules in 20 years. GDPR puts the individual at the heart of the legislation, with the core objective that people should have control over their own personal data. We also know that the UK's decision to leave the EU will not affect the commencement of GDPR, and a UK version of the Regulations will come into force on 25th May 2018.
There are fewer than 10 months before GDPR comes into force and PayStream has wasted no time in our preparations. We want to get this right because we value its intentions - greater transparency, enhanced rights for citizens and increased accountability.
The Information Commissioner's Office (ICO) are regularly publishing articles and useful documents in respect of GDPR to help organisations review their current data protection policies and prepare for the new regime. Myths about GDPR have started doing the rounds and the ICO are keen to sort fact from fiction. One myth currently trending, for example, relates to crippling fines. It's true that the ICO will have the power to impose fines much bigger than its current limit of £500,000; however, the ICO says that it's scaremongering to suggest that they will make early examples of organisations for minor infringements or that maximum fines will be the norm.
This is reassuring news from the ICO. The GDPR does include general conditions for imposing administrative fines: they should be effective, proportionate and dissuasive. However, the UK Information Commissioner, Elizabeth Denham, maintains that the ICO remains committed to guiding, advising and educating organisations about data protection and that fines will continue to be a last resort. In 2016/2017, the ICO concluded 17,300 cases, of which only 16 resulted in fines for the organisation concerned, and they have yet to invoke their maximum powers. Ms Denham went on to say that the ICO intend to use their new powers under GDPR proportionately and judiciously.
There are tangible benefits and competitive advantages to organisations that put data privacy and security at the heart of what they do. GDPR builds on data privacy and security principles that organisations should already be following. Rest assured, we've always had clear policies and procedures in respect of data protection and our preparations for GDPR are going well.