New data protection laws oblige firms to act

European citizens should now be better protected from data misuse as new rules come into force giving them more control of their data and making businesses liable for keeping the data secure.

Published Modified

The European General Data Protection Regulation (GDPR – RGPD in France) applies to all firms, irrespective of size, that process citizens’ data such as name, address, email, bank details, photo, health, rel­igion or other identity information.

Its main target is ‘large-scale’ processing by big firms and aims to give EU residents control, allowing them to access any data held and the right ‘to be forgotten’ (ie data removed) – and for firms to ensure data is stored only as long as relevant.

However, small businesses must also abide by the regulation, although those who hold limited personal data have little to do, other than keep the data secure, especially if sensitive, and weed out old contacts.

Those with mailing lists, especially if bought in or taken over from a previous business, should be getting in touch with people listed to get unambiguous consent to the use of their data with reasons for using it.

Changes came into force on May 25 after a two-year ‘grace’ period. Many data users have been asking for ‘clear consent’ from clients to use emails, etc and saying why it is being used.

Parental consent is also needed for the data of under-16s.

Asking permission is now mandatory and data should be encrypted for protection. If there is a breach clients must be informed within 72 hours.

Brexit will not effect the need for UK firms to comply as the UK government has said it will mirror the GDPR post-Brexit.

Fines for non-compliance can reach up to €20million or 4% of turnover. In France the CNIL information watchdog is responsible for policing. Its president, Isabelle Falque-Pierrotin, said compliance was easy and added that no guillotine would fall on businesses working to comply.

The law firm Pinsent Masons and insurer Hiscox has written a guide to the changes for small firms – tinyurl.com/ycfkas3b