Get ready for the new data protection rules

12th September 2017

The government is to introduce new data protection rules under the General Data Protection Regulation (GDPR), which takes effect from 25 May 2018.

Under the GDPR, businesses will have increased obligations to safeguard the personal information of individuals which is stored by the business. These rules apply to the information of customers, suppliers or employees. Generally, if you are currently caught by the Data Protection Act, it is likely that you will have to comply with the GDPR.

GDPR will apply to data ‘controllers’ and ‘processors.’ Processing is about the more technical end of operations, like storing, retrieving and erasing data, whilst controlling data involves its manipulation in terms of interpretation, or decision making based on the data. The data processor processes personal data on behalf of a data controller. Obligations for processors are a new requirement under the GDPR.

The GDPR applies to personal data, the scope of which is wider than under the Data Protection Act (DPA).

One key change to the current DPA rules is that those affected will have to show how they have complied with the rules. Proof of staff training and reviewing HR policies are examples of compliance.

Under GDPR, higher standards are set for consent. Consent means offering people genuine choice and control over how their data is used.

Overall, the aims of GDPR are to create a minimal data security risk environment, and to protect personal data to rigorous standards. For most organisations, this will entail time and energy getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority. In practice, this means things like ensuring active opt-in, rather than offering pre-ticked opt-in boxes, which become invalid under the new rules.

Organisations will also have to think about existing DPA consents. The ICO’s advice is that:

‘You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.’

Where current consents do not meet the new GDPR standard, action will be needed.

The fines for non-compliance are severe, at up to 20 million euros or 4% of total worldwide annual turnover (if higher).

The Information Commissioner’s Office (ICO) has published some very useful information and a 12-step planning guide to help organisations get ready ahead of the May 2018 deadline.

Internet links: ICO getting ready GDPR 12 steps.pdf



 