Businesses need to get their act together to make sure they don’t fall foul of the new legal framework.
With 25th May 2017 marking a year until General Data Protection Regulation (GDPR) comes into force, Mark Thompson, global privacy advisory lead at KPMG, highlights that business need to get their act together to make sure they don’t fall foul of the new legal framework. He said:
“On 25 May 2018, GDPR will affect organisations in the UK and worldwide that have any dealings with consumers and businesses in EU member states. It will fundamentally alter the scale, scope and complexity of the way personal information is processed. The regulation is going to require most organisations to make significant enhancements to their privacy control environment and rethink the way they collect, store, use and disclose personal information. These changes are going to be complex and take time, as such, most organisations cannot afford to wait.
“It’s worrying that with only a year to go, many organisations still have a lot to do. The truth is that many just don’t understand what they have to do and how to deal with it. The unknowns around Brexit have also posed some uncertainty on what GDPR will mean to the UK post-Brexit.
“When it comes to Brexit, it is critical to understand that if the UK is going to continue to trade with the EU, the free flow of personal information must be maintained. As such, we have to have an adequate privacy ecosystem in operation in the UK which is aligned to the requirements of the GDPR. What remains to be seen is whether the GDPR is subsequently repealed and replaced with something else post-Brexit.
“So that organisations don’t have issues and face subsequent enforcement, including fines of 4% of global turnover, businesses should:
© 2017 KPMG LLP, a UK limited liability partnership, and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.