Many businesses are currently finalising their preparations for the implementation of the General Data Protection Regulation (GDPR).
However, a lot of businesses still have questions about what the GDPR means for them, and in this article we have briefly highlighted some of the key “at a glance” facts which we think it’s important to be aware of.
The GDPR comes into force on 25th May 2018 – put the date in the diary!
Business in the EU
The GDPR applies to those businesses established in the EU or which are based outside the EU but offer goods and services inside the EU.
The increased fines for breach of the GDPR have attracted a lot of headlines. Regulators are now able to issue fines of up to €20 million or 4% of annual worldwide turnover, whichever is the greater.
Data Protection Act 1998 and the GDPR
While the introduction of the GDPR is currently quite a hot topic, a lot of its provisions retain the core principles set out in the existing data protection legislation in the UK, the Data Protection Act 1998. Therefore a business which currently complies with its obligations under the Data Protection Act 1998 has a good starting point for being able to demonstrate GDPR compliance.
The GDPR focuses a lot on accountability. It is important that businesses not only comply with the GDPR but are also able to demonstrate their compliance with the correct policies and procedures governing how they manage the personal data they process.
Whenever an individual’s personal data is being processed, they need to be provided with a Privacy Notice. The information which is required to be given to individuals in a Privacy Notice is set out in the GDPR.
It is important for any business processing personal data to ensure that it is kept securely. Depending on the nature of the personal data which is held, enhanced security measures such as encryption may be required.
Data Protection Officer
A Data Protection Officer is someone appointed to be in charge of data protection compliance for a business and who must report to the highest level of management. Not all businesses require a Data Protection Officer but if you are required to appoint one, it’s important to make sure this is done.
How can BHW help?
We can put together a tailored package to meet the GDPR needs of your business. If you’ve not yet taken steps to consider the effects of the GDPR on your business, we can help with the preliminary activities such as carrying out a data mapping exercise to work out exactly what personal data is processed by your business. Whether or not you’ve carried out a data mapping exercise, we can also help you put together your privacy notices and your policies and procedures to demonstrate your GDPR compliance. We can also help you review and update your contracts with third party data processors.
You may be considering whether you are required to appoint a Data Protection Officer, and we can advise you on whether or not this is required. We can advise you on all your other obligations under the GDPR and, if you wish, we can also assist with staff training.
If you would like to discuss any aspect of the GDPR, please contact Matt Worsnop at firstname.lastname@example.org.