Get ready for the new data protection rules

12th September 2017

The government is to introduce new data protection rules under the General Data Protection Regulation (GDPR), which takes effect from 25 May 2018.

Under the GDPR, businesses will have increased obligations to safeguard the personal information of individuals which is stored by the business. These rules apply to the information of customers, suppliers or employees. Generally, if you are currently caught by the Data Protection Act, it is likely that you will have to comply with the GDPR.

GDPR will apply to data ‘controllers’ and ‘processors.’ Processing is about the more technical end of operations, like storing, retrieving and erasing data, whilst controlling data involves its manipulation in terms of interpretation, or decision making based on the data. The data processor processes personal data on behalf of a data controller. Obligations for processors are a new requirement under the GDPR.

The GDPR applies to personal data, which is defined more widely than under the Data Protection Act (DPA).

One key change to the current DPA rules is that those affected will have to show how they have complied with the rules. Proof of staff training and reviewing HR policies are examples of compliance.

Under GDPR, higher standards are set for consent. Consent means offering people genuine choice and control over how their data is used.

Overall, the aims of GDPR are to create a minimal data security risk environment, and to protect personal data to rigorous standards. For most organisations, this will entail time and energy getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority. In practice, this means things like ensuring active opt-in, rather than offering pre-ticked opt-in boxes, which become invalid under the new rules.

Organisations will also have to think about existing DPA consents. The ICO’s advice is that:

‘You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.’

Where current consents do not meet the new GDPR standard, action will be needed.

The fines for non-compliance are severe at up to 20 million euros or 4% of total worldwide annual turnover (if higher).

The Information Commissioner’s Office (ICO) has published some very useful information and a 12-step planning guide to help organisations get ready ahead of the May 2018 deadline.

For further information and advice, get in contact with our team at Decisive:IT, who can offer practical advice and take you through the steps you need to take to ensure you are compliant with the upcoming GDPR changes.

Other helpful links: ICO getting ready GDPR 12 steps.pdf



 