A North East telecommunications expert is issuing a warning to business owners to review their procedures and data storage, ahead of a significant legislation change.
Mike Odysseas, Managing Director of Stockton-based telecommunications firm Odyssey Systems, is urging businesses across Tees Valley and the region to embrace the General Data Protection Regulation (GDPR) in order to avoid heavy fines.
GDPR will replace the existing Data Protection Act from 25th May 2018 and change the way that personal data is obtained, stored and secured. It applies to all businesses that collect EU citizens’ data, which identifies individuals, including information obtained through video conferencing and call recordings, and will give people greater rights and control over their personal data.
As a result of the legislation change, businesses may be required to employ a Data Protection Officer to oversee the implementation, and staff will need to be trained in order to understand what constitutes a GDPR breach.
Breaches, and a failure to report them, can result in a penalty of £7.9m or two percent of a company’s turnover. For larger incidents this could even bankrupt an organisation.
Mike Odysseas said: “The financial penalties of any GDPR breach have the potential to cripple a company, which could bankrupt or lead to the closure of a small firm, so people must be aware of and respect these key changes. Staff training is essential and in some cases a Data Protection Office may need to be employed to oversee the implementation, which demonstrates the importance of the new directive.
“Firms using video conferencing and those which record calls, whether for training purposes or to monitor performance, must also be clear and ensure consent is agreed if personal data changes hands.”
GDPR will provide data subjects with the right to request that their personal data is permanently deleted and uncomplicated ways for people to withdraw consent must be available. It also covers indirect identification of personal data, which includes separate pieces of information that could lead someone to be identified.
The directive will also change the way in which firms contact third parties for data collection purposes, meaning companies will have to change the way they capture data as consent cannot be inferred.
Mr Odysseas added: “The changes could heavily impact on the marketing of businesses, particularly through digital marketing and subsequent data capture through emails, telesales or even text messaging. Firms need to review their policies and procedures well in advance of the changes to avoid potential headaches and consequences come May 2018.”