UK data protection laws are set to be overhauled, and no one is immune
A bill, which will transfer the European Union’s forthcoming General Data Protection Regulation (GDPR) into UK law, is set to transform the way spas handle data.
The GDPR comes into force on 25th May 2018. The regulation is designed to bring digital accountability to all businesses across Europe. Any business that handles data will have 12 months to become compliant; after this, substantial fines will be introduced – up to 4% of your annual gross incomes or €20m, whichever is higher.
Despite Brexit, the GDPR will affect UK businesses as we will still be part of the EU at the time the legislation comes in to force.
The scope of the GDPR is vast – it covers a huge variety of data-related subjects in immense detail. It’s likely to have most impact on spas marketing data and activities, HR management, website visitor logging (such as cookies etc), data storage and insurance.
Proposals included in the UK bill, which will supersede the GDPR when the UK eventually leaves the EU, will make it simpler for customers to withdraw consent for their personal data to be used and let them ask for their data to be deleted entirely. This means spas will be required to obtain ‘explicit’ consent when they process sensitive personal data or expand personal data.
In practice, this means it will no longer be acceptable to bury consent for marketing deep inside the small print or in your terms and conditions, or include it as part of a mandatory tick-box that must be clicked on before your products. As an added hurdle, you’ll also need to keep records which clearly show consent has been given.
This places a strong burden on businesses like spas to protect data.
Your customers will also be able to ask for personal data – things like their name and where they live – to be deleted. All of this goes beyond the ‘right to be forgotten’ rules that already apply to search engines.
Digital Minister, Matt Hancock, says: ‘The new Data Protection Bill will give us one of the most robust, dynamic set of data laws in the world. It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.’
.gif)
