Get ready for the new data protection rules

12th September 2017

The government is to introduce new data protection rules under the General Data Protection Regulation (GDPR) which takes effect from 25 May 2018.

Under the GDPR businesses will have increased obligations to safeguard the personal information of individuals which is stored by the business. These rules apply to the information of customers, suppliers or employees. Generally for those who are currently caught by the Data Protection Act it is likely that you will have to comply with the GDPR.

GDPR will apply to data ‘controllers’ and ‘processors.’ Processing is about the more technical end of operations, like storing, retrieving and erasing data, whilst controlling data involves its manipulation in terms of interpretation, or decision making based on the data. The data processor processes personal data on behalf of a data controller. Obligations for processors are a new requirement under the GDPR.

The GDPR applies to personal data which is wider than under the Data Protection Act (DPA).

One key change to the current DPA rules is that those affected will have to show how they have complied with the rules. Proof of staff training and reviewing HR policies are examples of compliance.

Under GDPR, higher standards are set for consent. Consent means offering people genuine choice and control over how their data is used.

Overall, the aims of GDPR are to create a minimal data security risk environment, and to protect personal data to rigorous standards. For most organisations, this will entail time and energy getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority. In practice, this means things like ensuring active opt-in, rather than offering pre-ticked opt-in boxes, which become invalid under the new rules.

Organisations will also have to think about existing DPA consents. The ICO’s advice is that:

‘You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.’

Where the current consents do not meet the new GDPR then action will be needed.

The fines for non compliance are severe at up to 20 million euros or 4% of total worldwide annual turnover (if higher).

The Information Commissioner’s Office (ICO) has published some very useful information and a 12 step planning guide to help organisations get ready ahead of the May 2018 deadline.

 

 

For further information and advice get in contact with our team at Decisive:IT who can offer practical advice and take you through the steps you need to take to ensure you are compliant with the upcoming GDPR changes.

 

Other helpful links: ICO getting ready GDPR 12 steps.pdf



 
Other items in Blogs
 
Kim Clayden
13th April 2018 Making Tax Digital Seminar Two – St Ives

       Our second MTD seminar was in St Ives at the Slepe Hall Hotel on Thursday 12th April. Which was a much more convivial venue. A smaller group meant more personal conversations with our clients and we were able to give a number of clients the time they needed to fully understand the next steps for…

Read More »

Daniel Coleman
11th April 2018 Making Tax Digital ‘Roadshow’ – Huntingdon

We have begun the first of eight seminars discussing the preparation needed for making tax digital. Our first seminar kicked off in Huntingdon at the Marriott hotel and was a great success. With around 30 people attending we explained to clients what making tax digital was, how it was going to effect them and more…

Read More »

Paul Jefferson
5th April 2018 Reclaiming VAT: Checking the validity of your supplier invoices.

  VAT registered businesses will be aware that they can only reclaim VAT on business purchases if they have a valid VAT invoice.   For supplies over £250, this invoice should disclose: Supplier: sales invoice unique sequential invoice number, name, address and VAT number. Date and tax point, if different Your name and address Description…

Read More »

Scott Butcher
5th April 2018 Deadline Approaching for ATED forms

  If you have a residential property which is worth more than £500,000 and is held in a company then you will be required to complete an Annual Tax on Residential Dwellings (ATED) form. The deadline is fast approaching with all ATED forms for 2018 to 2019 tax year being due for filing by 30th…

Read More »

Vanessa Pearson
5th April 2018 HMRC loses IR35 case

  A contractor in the construction industry, Mark Daniels, has won his appeal against HMRC. In MDCM Ltd v Revenue & Customs, HMRC were defending their decision that a contract between Mr Daniels’ personal service company MDMC Ltd and recruitment agency Solutions, which provided his services to Structure Tone Ltd,  should have been caught by…

Read More »

Richard Alecock
5th April 2018 Top mistakes tax payers make when completing their tax returns.

  Making mistakes on self assessment tax returns however innocent can lead to enquiries, investigations and additional tax, interest and penalties. Below are some of the top mistakes many people make: Forgetting to include income from a previous employment that ended part way through a tax year. Forgetting to include benefits from a previous employment…

Read More »