by Ian Girling, chief executive, Dorset Chamber of Commerce and Industry

ARE you ready for GDPR?

On the April 14, 2016, the EU Parliament approved the new General Data Protection Regulation requirements which will become enforceable from May 25, 2018. This will replace the previous Data Protection Directive and have been developed to keep pace with the 21st century digital landscape.

Given the UK will be leaving the European Union, many businesses have asked if they will still be subject to the new GDPR requirements. The fact is that if you process data about individuals in the context of selling goods or services to citizens in other EU countries then you will need to comply.

If your business activities are purely limited to the UK, the situation is less clear – however the UK government has indicated it will implement an equivalent mechanism for the UK. The government has committed to making the UK as safe a digital environment as possible – leaving the EU will not mean businesses do not need to meet these standards.

There are many requirements within the new GDPR regulations regarding the management of data of individuals – and a failure to meet these requirements will be expensive. Those found to be in breach could be subject of fines up to four per cent of turnover or 20million euros, whichever is greater. It’s essential that businesses understand and prepare for the introduction of these new requirements.

So what’s covered by GDPR? Essentially GDPR is about the protection of personal data you hold for individuals. According the EU, personal data can include “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”.

The government states: “Under the plans individuals will have more control over their data by having the right to be forgotten and ask for their personal data to be erased. This will also mean that people can ask social media channels to delete information they posted in their childhood. The reliance on default opt-out or pre-selected ‘tick boxes’, which are largely ignored, to give consent for organisations to collect personal data will also become a thing of the past.”

GDPR is something to be taken seriously by businesses. GDPR will permanently change the way you collect, use and store customer data. There is a range of guidance on-line and Dorset Chamber is also holding a seminar on the new requirements in partnership with Lester Aldridge on November 30 – open to all businesses and free to DCCI members. Visit to find out more.