GDPR - what’s all the fuss?

10 January 2018 Fasil Hussain

One topic has been much discussed in recent months, and it will soon affect many businesses, both large and small: the General Data Protection Regulation (GDPR).

On 25 May 2018 the much anticipated and much talked about GDPR will start to be enforced across the EU. The introduction of these regulations will certainly present businesses and organisations with challenges. But, with education and careful planning, these challenges can be turned into valuable opportunities.

In the UK, the independent body that upholds information rights and will enforce GDPR is the Information Commissioner's Office (ICO). Here, taken from the ICO website, are the 12 steps that the key people in your business or organisation need to take -

  1. Awareness - Be aware that the law is changing to the GDPR. You need to understand its likely impact.
  2. Information you hold - Document the personal data you hold, where it came from and who you share it with.
  3. Communicating privacy information - Review your privacy statements and check they comply with the new GDPR.
  4. Individuals’ rights - Check that your procedures comply with individuals’ rights, including how you store and delete their personal data.
  5. Subject access requests - Be clear about how you will respond to people's requests for information about their data, within the shorter timescale GDPR allows.
  6. Lawful basis for processing personal data - Identify and document the lawful basis for each of your processing activities, and update your privacy notice to explain it.
  7. Consent - Review how you seek, record and manage consent. Do these procedures comply with the new GDPR?
  8. Children - Do you need to put systems in place to verify people's ages and to obtain parental or guardian consent for your data processing activity?
  9. Data breaches - You need to have the procedures in place to effectively detect, report and investigate personal data breaches.
  10. Data protection by design and Data Protection Impact Assessments - Be familiar with the ICO's code of practice on Privacy Impact Assessments and work out how and when to implement them in your organisation.
  11. Data protection officers - Designate someone to be responsible for data protection compliance. Check whether you need to appoint a Data Protection Officer.
  12. International - If your company or organisation carries out cross-border processing in more than one EU member state, determine which data protection supervisory authority is your lead authority and check that you are compliant.

In short, there are three pillars to GDPR -

  1. How you acquire, maintain, store and delete personal data.
  2. How you respond to requests from individuals for information about their data.
  3. Being transparent and trustworthy about individuals’ data.

Look again at point 3.  Here’s the golden nugget.  Trust.  This is where your compliance with GDPR can turn into a ‘win’ for your business.

Benefits of complying with the GDPR

When GDPR becomes enforceable on 25 May 2018, companies will respond in different ways. Ensuring compliance with the GDPR will not just be a matter of best practice; the penalties for non-compliance will be serious (including potential fines of up to €20m or 4% of annual worldwide turnover, whichever is higher). However, companies should embrace GDPR and look at the positives of being compliant.

Once your business is GDPR compliant, you’ll be able to use your website, your privacy notices, your letterheads, your company marketing emails, to tell the world that you are GDPR compliant.  You’ll be demonstrating that you care about your clients, customers and contacts; that you respect and value the security and privacy of their personal data.  In short, you’ll be demonstrating clearly that your business or organisation is one that they can trust.

Will Brexit change the status of GDPR?

No. GDPR will apply from 25 May 2018, while the UK is still a member of the EU, so compliance is required for UK businesses from that date. The UK Government has also confirmed that it is committed to retaining GDPR's provisions after Brexit, and its Data Protection Bill, currently before Parliament, is intended to write them into UK law.

Contact us for advice on GDPR

The company commercial team at Neves Solicitors LLP can assist you in ensuring your business or organisation is on the right side of the GDPR obligations. If you would like advice on the new regulations or any of our other services please call 01908 304560 or e-mail us.