Are you prepared for the new General Data Protection Regulation?


On 25 May 2018, the new General Data Protection Regulation (GDPR) is set to take effect. Under the new rules, organisations which collect, store and process individuals' personal information will be subject to new obligations, with an increased emphasis on accountability and transparency. Here, we outline some key steps you should take to help ensure that your business is prepared.

Keep records relating to the personal information you hold

Businesses should make sure they have up-to-date records relating to the personal data that they hold. These records should include where the data came from and who it has been shared with.

Under the new GDPR, businesses must comply with the new 'accountability' principle, which outlines the need to demonstrate how they are abiding by the new data protection requirements.

Identify your lawful basis for processing personal information

Businesses must identify their lawful basis for processing activity within the GDPR, record this and update their privacy notices accordingly.

The GDPR will modify some individuals' rights, depending on a firm's lawful basis for processing personal data. If you use consent as your lawful basis for processing, clients will have a greater right to have their data deleted, if they so wish.

Your lawful basis will also have to be set out upon answering a subject access request. Businesses are advised to document their lawful basis so that they remain compliant with the accountability requirements of the GDPR.

Review your privacy notices

Businesses should review any privacy notices they have and, where necessary, make sure that these are amended in time for the implementation of the GDPR.

Under the new rules, businesses are required not only to inform individuals about their identity and how they intend to make use of the data, but also to explain their lawful basis for processing the information, as well as outlining their data retention periods. Businesses must also inform their clients that they have a right to complain to the Information Commissioner's Office (ICO) if they believe that there is an issue with the way in which their personal data is being handled.

Ensure adequate procedures are in place to prevent data breaches

Businesses are urged to make sure that adequate security systems are in place to detect, report and investigate any breaches.

The new GDPR will introduce a requirement for firms to report certain types of data breach to the ICO. The ICO must be notified if the data breach may result in a risk to individuals' rights and freedoms. Businesses will also be required to inform affected clients in cases where the breach results in a high risk to individuals' rights and freedoms.

Larger businesses may wish to create policies for handling data breaches, and communicate these to their employees.

Review how your business seeks and records consent

Businesses are advised to review how they seek, record and manage individuals' consent. Consent must be given freely, and should also be informed, unambiguous and verifiable.

The business must also provide simple ways for clients to withdraw their consent.

Consider appointing a Data Protection Officer

Appointing a Data Protection Officer may help to ensure that your business complies with the stringent GDPR data protection rules.

Public authorities, organisations that process health records or criminal records and organisations that monitor individuals on a large scale are required to appoint a Data Protection Officer.

These are just some of the key measures you should consider to help ensure that your business is ready for the introduction of the new GDPR. Further information can be found on the ICO website.
