In May 2018 a new law come into effect in the UK. The General Data Protection Regulation, or GDPR, will apply to all companies which process EU citizens’ personal data (for example greeting card purchasers) and seeks to tighten up the rules relating to storage and transfer of those people’s private information.
The aim of GDPR is to ensure that personal data is sufficiently protected by organisations which hold it and enable the prosecution of those that don’t. It is hoped that this will reduce the risk of large data breaches in future and increase the public’s confidence in how companies treat its personal data. In the long term, it could help prevent sensitive personal information ending up in the hands of cyber criminals.
The GDPR introduces new responsibilities and duties of which businesses will need to be aware. The greatest challenge facing businesses may well prove to be gaining direct consent to collect individuals’ fresh personal data. It will have to be clear how the information will be used and silence or inactivity no longer constitutes consent from the individual.
For full details of the law, and the latest information, see the Gov.UK website https://www.gov.uk/data-protection