As firms countdown to the enforcement of the European Union’s upcoming General Data Protection Regulation (GDPR) on May 25 next year, the head of Britain’s privacy watchdog told business leaders yesterday that data protection has become a boardroom issue.
In a video message addressed to boardrooms, Information Commissioner Elizabeth Denham said that the new law “equals bigger fines for getting it wrong.”
“If your organization can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organization open to enforcement action that can damage both the public reputation and your bank balance.”
The new law aims to enhance the data protection rights of individuals in the EU and facilitate the free flow of personal data in a single digital market. It includes oversight over information that can be used to directly or indirectly identify a person, including bank details, posts on social networking websites, medical information.
Companies will be required to appoint “Data Protection Officers” and to notify clients of a data breach within 72 hours of first learning about it. Individuals will also have a “right to erasure” and a right to know how organisations use their personal data.
For the most serious violations of the law, the Information Commission (ICO) will have the power to fine companies up to €20m or 4% of a company’s total annual worldwide turnover for the preceding year, said ICO Deputy Commissioner (Policy) Robe Luke in a speech yesterday.
Firms who get data protection right can see real business benefits, according to Denham. She likened the situation to a carrot and stick approach.
“Accepting broad accountability for data protection encourages an upfront investment in privacy fundamentals – but if offers a payoff down the line, not just in legal compliance, but a competitive edge,” she explained.
“I believe there’s a real opportunity for organisations to present themselves on the basis of how they respect the privacy and dignity of individuals. Over time, this can play a real role in consumer choice.”
Earlier this month, ICO Deputy Commissioner Simon Entwisle revealed that in 2016, the regulator had received more reported data protection breaches and fined more companies for unlawful activities than ever before.
Related stories:
Is the insurance industry ready for the GDPR?
GDPR: How will it affect your business?
