We’re a business who pride ourselves on helping to keep thousands of UK businesses compliant across a range of different legislation-governed areas.
GDPR is an upcoming piece of legislation that will affect every business, no matter how small. Here’s a quick introductory guide to get you up to speed with the new General Data Protection Regulations (GDPR).
What is GDPR, and when does it come into place?
GDPR, or the General Data Protection Regulations, will come into force in the UK on 25 May 2018. Its aim is to strengthen the rights of citizens regarding how their data is held, used, and collected.
It cracks down on the way businesses store, share and use data, as well as how they collect the consent of the people they hold it on. This includes the subsequent paper trail of proof.
Why is this so important?
To consumers – it adds new levels of protection and control over their data.
To you, a business – it heavily changes the way you handle data, be it prospects, employees, or customer records. If you haven’t already got a plan in place to prepare for GDPR, now is the time to start.
Who is affected by GDPR?
If you have one item of potentially identifiable information on anyone, be it an employee, a customer, a potential prospect or even a supplier/business partner, then you will need to adhere to the new GDPR rules.
What happens if my business doesn’t comply?
GDPR has been in many headlines recently because of the increased penalty provisions. The law would give supervisory authorities (in the UK this is the Information Commissioner’s Office, ICO) greater power to hand out penalties. For example, the SA would be able to:
- Carry out data protection audits
- Issue warnings to the data controller and processor where a GDPR breach is likely
- Impose a temporary or definitive limitation, including a ban on processing
- Administer fines of up to €20 million or up to 4% of annual global turnover for serious GDPR violations
What about Brexit?
The GDPR legislation is made by the European Parliament & Council, which may leave you thinking “What about Brexit?”…
In February 2017 the UK’s Digital Minister Matt Hancock confirmed that the UK plans a full implementation of GDPR standards. This will ensure the secure free flow of data between the UK and EU following Brexit. GDPR would apply to UK companies who process data, even if they are not established inside the EU.
However, until this is implemented and while the UK remains subject to EU law, your organisation must continue to focus on becoming fully compliant with the GDPR by 25th May 2018.
What do I need to do?
- Establish who controls and processes the personal data in your organisation
- Map out where your information is stored, who is sharing it, who has access to it, and why you need to keep the data.
- If you are regularly monitoring sensitive personal data, you may need to appoint a Data Protection Officer to oversee your organisation’s compliance.
- In the event of a data breach, you’ll have 72 hours to report this to your lead supervisory authority.
- Carry out privacy impact assessments on all new projects and update your privacy notices, consents and rights for individuals.
Need further information on how to prepare for GDPR?
As more details surface we will keep you updated on the essential details.