Get ready for the new data protection rules

12th September 2017

The government is to introduce new data protection rules under the General Data Protection Regulation (GDPR), which takes effect from 25 May 2018.

Under the GDPR, businesses will have increased obligations to safeguard the personal information of individuals that they store. These rules apply to the information of customers, suppliers or employees. Generally, if you are currently caught by the Data Protection Act, it is likely that you will have to comply with the GDPR.

GDPR will apply to data ‘controllers’ and ‘processors.’ Processing is about the more technical end of operations, like storing, retrieving and erasing data, whilst controlling data involves its manipulation in terms of interpretation, or decision making based on the data. The data processor processes personal data on behalf of a data controller. Obligations for processors are a new requirement under the GDPR.

The GDPR's definition of personal data is wider than that under the Data Protection Act (DPA).

One key change to the current DPA rules is that those affected will have to show how they have complied with the rules. Proof of staff training and reviewing HR policies are examples of compliance.

Under GDPR, higher standards are set for consent. Consent means offering people genuine choice and control over how their data is used.

Overall, the aims of GDPR are to create a minimal data security risk environment, and to protect personal data to rigorous standards. For most organisations, this will entail time and energy getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority. In practice, this means things like ensuring active opt-in, rather than offering pre-ticked opt-in boxes, which become invalid under the new rules.

Organisations will also have to think about existing DPA consents. The ICO’s advice is that:

‘You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.’

Where current consents do not meet the new GDPR standard, action will be needed.

The fines for non-compliance are severe, at up to 20 million euros or 4% of total worldwide annual turnover (if higher).

The Information Commissioner’s Office (ICO) has published some very useful information and a 12-step planning guide to help organisations get ready ahead of the May 2018 deadline.

For further information and advice, get in contact with our team at Decisive:IT, who can offer practical advice and take you through the steps you need to take to ensure you are compliant with the upcoming GDPR changes.

Other helpful links: ICO getting ready GDPR 12 steps.pdf



 