All businesses holding personal data will need to ensure their procedures are fit for purpose and comply with the new rules.
Legislation will affect UK businesses post-Brexit and, if found to be non-compliant, may result in potential fines of up to €20 million, or 4% of annual global turnover.
The BCC has issued the following guidance to its members:
David Riches, executive director at BCC, said:
“The General Data Protection Regulation is intended to reflect modern working practices in the digital age and will strengthen consumer trust and confidence in businesses.
“With 12 months to go, there are procedures businesses should be reviewing to determine what changes may need to be introduced to be compliant.
“Businesses that are already vigilant about their data protection responsibilities won’t be unduly burdened by the new legislation.”