CW+ Premium Content/MicroScope

Even at times when business leaders’ attention is elsewhere, compliance is hugely important. Enterprises need to comply with a growing suite of data protection, privacy and industry-specific rules and regulations, including laws drafted overseas. Chief among these are the EU’s General Data Protection Regulation (GDPR) and the UK’s Data Protection Act. These are joined by the Privacy and Electronic Communications Regulations or PECR. Firms that handle card payments continue to be governed by the PCI-DSS regulations, and businesses that trade with the United States could fall under the scope of the California Consumer Protection Act. GDPR will not go away when the UK finalises its departure from the EU. In fact, GDPR is being written into UK law. Its scope is wide, and penalties harsh and can run to up to 4% of global turnover. “GDPR regulates the processing of personal data,” says Nigel Miller, partner at law firm Fox Williams. “This means data must be collected for specified, explicit and legitimate purposes and not further ...