Monthly Archives: October 2017

Data Protection2

The General Data Protection Regulations (GDPR)

The GDPR is set to kick off on 25 May 2018.  It increases the obligations on all businesses to ensure the safety of personal information of individuals stored on their systems, whether they are customers, suppliers or employees.

The GDPR will apply to data ‘controllers’ (employers) and now data ‘processors’ (employees). Previously, the Data Protection Act only applied to controllers. Processing involves the storing, retrieving and erasing of data. Controlling involves manipulation in terms of interpretation or decision-based data.

The GDPR applies to personal data, but the definition is wider than under the current Data Protection Act (DPA). The regulations place greater emphasis on the documentation that data controllers must keep to demonstrate their accountability.

Many of the GDPR’s main principles are similar to those in the current Data Protection Act (DPA), so if your business is complying properly with the present law, then most of your current compliance will remain valid and can be the starting point to build from.

However, there are new elements and significant enhancements.  Your business will have to do some things for the first time, and a number of things differently.  It is essential to start planning your approach to GDPR compliance now, with the rules coming into effect in May 2018.

As a starter you will need to gain ‘buy in’ from key people in your organisation.

You may need, for example, to put new procedures in place to deal with the GDPR’s new transparency and individuals’ rights provisions. The cost of this depends on the complexity of your business.

One key new feature is having to show how you comply with the rules. Evidencing compliance is known as the ‘accountability’ principle.

Employers: we suggest as a start that you map out where you hold personal data. From there you can establish what consents and extra steps you need to put in place to comply with these new Regulations.

Contact us: we can assist with GDPR compliance for a fixed fee.