I have for many months been steadfastly preparing for our company’s compliance in respect of the new General Data Protection Regulations which come into force on 25 May 2018. The number of clients who have been in contact with us to ask for more information has increased as the deadline approaches and I would advise that if you are not already prepared it is wise to make an immediate start.
The changing European data protection laws will affect all businesses in the UK and replace the current Data Protection Act.
The GDPR is a framework with greater scope, much tougher punishments and judicial remedy for those who fail to comply with new rules around the storage and handling of personal data, be it in physical or electronic format.
Personal data is a key tool for SMEs looking to target and retain customers. GDPR means it must be handled with the utmost care, and your protection procedures need to be transparent.
This means businesses should review their existing data and delete any that they do not have a valid reason to hold. The GDPR sets out the legal bases available for processing personal data, such as:
- Consent
- Contractual
- Legal obligation
- Legitimate interest
Businesses should review what data they hold, check that they have consent where they need it, and ask of all data whether they need to keep it.
Data should be kept secure and this will require a review of current practices to prevent data breaches.
You will need to look at your existing data protection procedures and check they comply with the GDPR and ensure you are compliant by the deadline.
Our downloadable guide to GDPR, with a handy list of actions, is available here.