If you haven’t already heard, next May there is going to be a big change in the way personal data is retained and used and equally how it is regulated and protected.
The General Data Protection Regulation (GDPR) will officially replace the UK’s Data Protection Act on 25th May 2018.
Key to these changes is the way in which personal data is collected, handled, stored and shared, giving the relevant authorities the power to enforce compliance and take action, and at the same time it gives individuals more rights over their own personal data storage.
The full GDPR listing has 99 individual articles. As a business, compliance will require both new business processes along with the re-engineering of existing ones, in conjunction with enhanced record-keeping and documentation, especially where personal data is located within your organisation. This stored data must include details of the specific purposed for which it was collated, along with the individual’s consent for each piece of data stored and including how and when the consent was obtained!
This means that your business ultimately has just over six months to ensure that your data protection is both adequate and compliant before the new rules come into effect.
For most smaller businesses, it is not going to be a legal requirement to appoint a Data Protection Officer (DPO) under GDPR. However, it would certainly be beneficial to your company if you appoint someone to be responsible for your data obligations, be it a member of staff or someone outside your organisation. The acting Data Protection Officer will need to serve as a point of contact between the public and the Information Commissioner’s Office (ICO) in the event of a data breach.
There will be fines for non-compliance which will be significantly higher than the current penalties. The fines can vary and will depend on the infraction or be assigned as a percentage of total turnover.
We will cover GDPR in more detail over the next coming months. However, in the interim, if you feel that your company would benefit from a conversation in total confidence regarding GDPR, or indeed in appointing an acting DPO, then please call 0121 516 0299 or email firstname.lastname@example.org.
We look forward to hearing from you…