Get ready for the new data protection rules

12th September 2017

The government is to introduce new data protection rules under the General Data Protection Regulation (GDPR), which takes effect from 25 May 2018.

Under the GDPR, businesses will have increased obligations to safeguard the personal information of individuals which is stored by the business. These rules apply to the information of customers, suppliers or employees. Generally, if you are currently caught by the Data Protection Act, it is likely that you will have to comply with the GDPR.

GDPR will apply to data ‘controllers’ and ‘processors.’ Processing is about the more technical end of operations, like storing, retrieving and erasing data, whilst controlling data involves its manipulation in terms of interpretation, or decision making based on the data. The data processor processes personal data on behalf of a data controller. Obligations for processors are a new requirement under the GDPR.

The GDPR applies to personal data, which is defined more widely than under the Data Protection Act (DPA).

One key change to the current DPA rules is that those affected will have to show how they have complied with the rules. Proof of staff training and reviewing HR policies are examples of compliance.

Under GDPR, higher standards are set for consent. Consent means offering people genuine choice and control over how their data is used.

Overall, the aims of GDPR are to create a minimal data security risk environment, and to protect personal data to rigorous standards. For most organisations, this will entail time and energy getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority. In practice, this means things like ensuring active opt-in, rather than offering pre-ticked opt-in boxes, which become invalid under the new rules.

Organisations will also have to think about existing DPA consents. The ICO’s advice is that:

‘You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.’

Where current consents do not meet the new GDPR standard, action will be needed.

The fines for non-compliance are severe, at up to 20 million euros or 4% of total worldwide annual turnover (if higher).

The Information Commissioner’s Office (ICO) has published some very useful information and a 12-step planning guide to help organisations get ready ahead of the May 2018 deadline.

For further information and advice, get in contact with our team at Decisive:IT, who can offer practical advice and take you through the steps you need to take to ensure you are compliant with the upcoming GDPR changes.

 

Other helpful links: ICO getting ready GDPR 12 steps.pdf



 