What is GDPR and Will it Apply to My Business?
On 25th May 2018 the General Data Protection Regulations (GDPR) will take effect. The regulations will replace the existing data protection laws enhancing individuals’ rights and control over their personal data.
Broadly speaking, in order to comply with GDPR you will need to ensure that you collect data legally and protect it from misuse, or face penalties for failing to do so.
These regulations will affect any organisation that processes personal data. Personal data is any information about an identified or identifiable individual. This means that an IP address may be classed as personal data if an individual can be identified from that IP address.
You may hold personal data about your employees, customers, clients, or suppliers. Ultimately, as a business, you are likely to hold personal data and be caught by the new regulations.
What Do I Need to Do?
The Information Commissioner’s Office (ICO) has released guidance on the steps you should be taking ahead of 25th May (www.ico.org.uk).
Some key action points are:
- Awareness – The key decision makers in your business need to be aware of the regulations and the impact they will have on your business
- Audit – You need to document the data you hold, where it came from and who you share it with. The regulations require you to keep records of your data processing activities
- Review your current privacy notices. The regulations require additional information to be given such as explaining your lawful basis for processing the data, your data retention periods and the individual’s right to complain
- Review your subject access request policies to meet the new requirements
Identify your lawful basis for processing personal data. This needs to be identified, recorded and explained to those whose data you hold
- Where you rely on consent to process data, the regulations introduce big changes. You will need to review how you obtain, record and manage consent to ensure it is compliant
- Ensure you have the right procedures in place to detect, report and investigate breaches
We can help and guide you through the process of compliance with the Regulations. Contact us to find out more about how we can help.