The General Data Protection Regulation (GDPR) has applied in the UK since 25 May 2018, and failing to comply can expose a business to substantial fines and reputational damage. It is not just large companies that need to understand their data protection obligations: small businesses, charities and even sole traders are covered too.
The GDPR also carries much stiffer penalties than the previous regime: the most serious infringements can attract fines of up to €20 million or 4% of annual worldwide turnover, whichever is higher, making compliance more important than ever.
Although the GDPR is EU legislation, the Government has advised that these obligations will not be affected by Brexit.
What data do you hold?
The first step towards compliance is a data audit: work out what personal data you hold, where it came from, where it is stored, who can access it and what internal policies (if any) govern how it is processed and protected. This review is likely to be time-consuming, but it is the foundation for everything else, including the record of processing activities that the GDPR requires many organisations to keep.
In particular, three key areas affected by the new rules under the GDPR are:
- HR or personnel - How do you gather and store information about your employees? Do your staff have the right training to understand what they should be doing to keep your business compliant under the new rules?
- marketing - Do you have the right type of consent from your customers to send out newsletters, adverts or deals? Under the GDPR, consent must be freely given, specific, informed and unambiguous, and given by a clear affirmative action; pre-ticked boxes, silence or inactivity do not count, and you must be able to demonstrate that consent was obtained.
- customers and contracts - How do you gather and store information about your customers and business contacts? Are your terms and conditions fit for purpose?
Even if you were compliant with the previous rules under the Data Protection Act 1998, you will almost certainly need to adapt your practices to comply with the GDPR.
Issues to consider
The GDPR regime is detailed and technical, which can make it difficult to navigate. Our experienced team can guide you through what it all means and what you need to consider. We can advise you on:
- the types of data involved, such as personal data and special category data (what the 1998 Act called sensitive personal data), which attracts stricter conditions;
- whether you are a data controller or data processor, and what that means for your business;
- how to deal with requests from individuals (‘subject access requests’) about the data you hold, which must normally be answered within one month and free of charge;
- whether you must appoint a data protection officer, which is mandatory for public authorities and for organisations whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special category data; and
- how to handle a personal data breach, including the duty to notify the ICO within 72 hours of becoming aware of a breach that is likely to result in a risk to individuals, to inform the affected individuals without undue delay where that risk is high, and to keep an internal record of every breach whether or not it was reportable.
Our lawyers can do a “health check” of your policies and procedures, and help you meet your obligations under the GDPR. We’ll work with you to find solutions that are practical and convenient for an organisation of your size.