Get Ready For The New Data Protection Rules

    Simpson Wood
    27th September 2017

    The government is to introduce new data protection rules under the General Data Protection Regulation (GDPR), which takes effect from 25 May 2018.

    Under the GDPR, businesses will have increased obligations to safeguard the personal information of individuals which is stored by the business. These rules apply to the information of customers, suppliers or employees. Generally, if you are currently caught by the Data Protection Act, it is likely that you will have to comply with the GDPR.

    GDPR will apply to data ‘controllers’ and ‘processors.’ Processing is about the more technical end of operations, like storing, retrieving and erasing data, whilst controlling data involves its manipulation in terms of interpretation, or decision making based on the data. The data processor processes personal data on behalf of a data controller. Obligations for processors are a new requirement under the GDPR.

    The GDPR applies to personal data, which is defined more widely than under the Data Protection Act (DPA).

    One key change to the current DPA rules is that those affected will have to show how they have complied with the rules. Proof of staff training and of reviewing HR policies are examples of demonstrating compliance.

    Under GDPR, higher standards are set for consent. Consent means offering people genuine choice and control over how their data is used.

    Overall, the aims of GDPR are to create a minimal data security risk environment, and to protect personal data to rigorous standards. For most organisations, this will entail time and energy getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority. In practice, this means things like ensuring active opt-in, rather than offering pre-ticked opt-in boxes, which become invalid under the new rules.

    Organisations will also have to think about existing DPA consents. The ICO’s advice is that:

    ‘You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.’

    Where current consents do not meet the new GDPR standard, action will be needed.

    The fines for non-compliance are severe, at up to 20 million euros or 4% of total worldwide annual turnover (if higher).

    The Information Commissioner’s Office (ICO) has published some very useful information and a 12-step planning guide to help organisations get ready ahead of the May 2018 deadline.

    Internet links: ICO getting ready; GDPR 12 steps.pdf
