The clock has started – businesses must prepare for GDPR data protection rules

14th November 2016

Equifax has commented that the clock has started for Telco businesses to prepare for new data protection rules. Neil Compton, Telco and Utilities Director at Equifax, said: “Privacy and data protection are high on the agenda for consumers and regulators. Telcos are custodians of vast amounts of data and must start overhauling their procedures now to meet the EU’s new General Data Protection Regulation (GDPR). GDPR is already in force and EU member states have until May 2018 to apply it. The UK will still be part of the EU on this date, and even post Brexit, the UK will want to maintain equivalent regulation to protect the public and their personal information. Consumers are increasingly focused on how their data is shared and kept secure and want to see good practice from the companies they deal with.

“The new regulation places greater emphasis on accountability and governance. Telcos need a clear trail proving they are compliant. The financial consequences of getting it wrong are very high. Fines can be issued for up to 20 million euros or 4% of global turnover. The Information Commissioner’s Office (ICO) will be monitoring closely for any company that doesn’t clearly tell an individual what they do with their data, and cases where information is not kept up to date or is held for longer than is necessary. Customers also have increased rights to object to processing of their personal information and can request to see the data held on them at any time free of charge. Careful planning for the new rules is critical as there are several areas to cover. The first steps include making sure key decision makers in your business are aware of the changes and their importance and auditing the information you hold, its source and how it’s used. Your communication with clients about your use of their data needs to be reviewed and probably updated, as do your procedures for any data breach. Given the extensive preparation required and the serious implications of non-compliance, GDPR needs to be a priority issue at board level.”