With the countdown to the introduction of the General Data Protection Regulation (GDPR) well underway, audit, tax and consulting firm RSM, is urging London companies doing business in the EU to complete their preparation for the impending rule changes, to help mitigate substantial financial and reputational risks arising from issues of non-compliance.
The new legal framework is the biggest change to data privacy legislation in over two decades, and aims to protect EU citizen’s personal data, regardless of borders or where the data is processed.
The regulations, which come into force in a year’s time on 25 May 2018, will transform how businesses need to store and manage personal data. A failure to comply with the new rules could see businesses facing significant penalties of up to €20m, or four per cent of annual global turnover.
An important factor is to ensure a business’ data processes protect the rights of individuals. Therefore an organised data protection programme will need to be established, with all data activities accurately recorded. This obligation extends to any third-party contractors or partners working with a business, and will present companies with much greater legal liability in the event of error.
Steve Snaith, technology risk assurance (TRA) partner at RSM, said: “In a growing digital economy, where data can be collected and stored within seconds, there is more risk of cyber security breaches, which was highlighted by the recent WannaCry ransomware attack. London is currently one of the world’s key financial centres, with many other global companies based in the capital, making it a prime target for cybercriminals to steal information and launder money. Whilst the government attempts to combat this, it is increasingly more important that London companies establish clear processes and safeguards to adequately protect themselves.
“Although GDPR is a welcomed attempt to curb growing fears around how companies use and manage personal information, the new framework will drastically affect the future of stored personal data and radically increase company accountability.
“Such a transformation is likely to disrupt internal data practices across the city’s organisations. London businesses must make sure they are ready for what lies ahead and not get caught out by the changes. Failure to do so could engender substantial financial and reputational risk.”