GDPR comes into force on 25 May 2018 and fines for non-compliance and data breaches have the potential to reach eye-watering levels.
If you’re still not entirely clear about what you need to do to comply with this complex piece of legislation, The Morning Advertiser has published a no-nonsense guide, Get to grips with GDPR, to help businesses understand what they need to know, why, and how to stay on the right side of the legislation.
From small rural pubs right up to the biggest pubcos, suppliers and breweries, everyone needs to be aware of the risks and their legal obligations. And this isn’t one of the regulations that might quietly go away after Britain leaves the EU. It is here to stay.
Data control
GDPR has been designed to give people more control over their data. This means hospitality sector businesses will face much greater scrutiny of the way they handle customer data than ever before.
Gaining consent from customers is a big part of the new rules, as is how this consent is recorded and what that data can be used for. Under GDPR, customers also have the right to see that data and to ask for it to be edited, restricted or erased at any time.
Businesses also face huge fines if they fail to protect the personal data they hold. Breaches can mean anything from accidentally CCing in personal emails rather than BCCing (blind carbon copying) them to failing to have robust enough cyber security to stop hackers breaking into your systems and stealing data.
Eye-watering fines
On top of this, businesses are responsible not only for the data they hold but also for checking that any third parties that handle their data, such as suppliers, comply with GDPR.
Potential fines are huge. The maximum penalty is €20m (£17.7m) or 4% of total global turnover for the previous year, whichever is higher.
Don’t get caught out: be prepared for D-day (data day), coming soon.