Get ready for the new data protection rules

12th September 2017

The government is to introduce new data protection rules under the General Data Protection Regulation (GDPR), which takes effect from 25 May 2018.

Under the GDPR, businesses will have increased obligations to safeguard the personal information of individuals that they store. These rules apply to the information of customers, suppliers or employees. Generally, if you are currently caught by the Data Protection Act, it is likely that you will have to comply with the GDPR.

GDPR will apply to data ‘controllers’ and ‘processors.’ Processing is about the more technical end of operations, like storing, retrieving and erasing data, whilst controlling data involves its manipulation in terms of interpretation, or decision making based on the data. The data processor processes personal data on behalf of a data controller. Obligations for processors are a new requirement under the GDPR.

The GDPR applies to personal data, the definition of which is wider than under the Data Protection Act (DPA).

One key change to the current DPA rules is that those affected will have to show how they have complied with the rules. Proof of staff training and of reviewing HR policies are examples of how compliance can be shown.

Under GDPR, higher standards are set for consent. Consent means offering people genuine choice and control over how their data is used.

Overall, the aims of GDPR are to create an environment of minimal data security risk, and to protect personal data to rigorous standards. For most organisations, this will entail time and energy getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority. In practice, this means things like ensuring active opt-in, rather than offering pre-ticked opt-in boxes, which become invalid under the new rules.

Organisations will also have to think about existing DPA consents. The ICO’s advice is that:

‘You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.’

Where current consents do not meet the new GDPR standard, action will be needed.

The fines for non-compliance are severe, at up to 20 million euros or 4% of total worldwide annual turnover (if higher).

The Information Commissioner’s Office (ICO) has published some very useful information and a 12-step planning guide to help organisations get ready ahead of the May 2018 deadline.

For further information and advice, get in contact with our team at Decisive:IT, who can offer practical advice and take you through the steps you need to take to ensure you are compliant with the upcoming GDPR changes.

Other helpful links: ICO getting ready GDPR 12 steps.pdf