General Data Protection Regulation (GDPR)

On 25 May 2018, new data protection rules under the General Data Protection Regulation (GDPR) will be introduced.

These new rules have been designed to protect the personal data of individuals in EU member states, with a focus on both transparency and accountability. The U.K.'s decision to leave the EU will not affect the U.K.'s participation in the GDPR or the date on which it commences.

The GDPR legislation will replace the 1988 Data Protection Act, and any business, whatever its size, that doesn't comply with the legislation can be hit with heavy fines of up to €20 million or 4% of annual turnover (whichever is higher).

Some key points to bear in mind:

  • Awareness – make decision-makers in your business aware of the changes
  • Document information you hold
  • Review current privacy notices
  • Check that your procedures cover individuals’ rights
  • Update your procedures and plan how you handle requests
  • Identify the lawful basis for your processing – document and update your privacy notice to explain it
  • Review how you seek, record and manage consent. Make changes, if necessary
  • Think about whether you need to put systems in place and whether you need to obtain parental/guardian consent (children)
  • Ensure you have the correct procedures in place to detect, report and investigate personal data breaches
  • Familiarise yourself with the ICO's (Information Commissioner's Office) Code of Practice
  • Designate somebody to take responsibility for data protection compliance

With thanks to the ICO for this information.

For more information and for a checklist for you to use to check over your business’s data, please visit https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/getting-ready-for-the-gdpr/

Buckler Spencer - Where Everybody Counts
