Definition: The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union. It also addresses the export of personal data outside the EU.
On May 25th 2018 the GDPR comes into force, enforced in the UK by the Information Commissioner's Office (ICO), and will change how businesses and public sector organisations handle the personal data of their customers. People gain new rights to access the information that companies hold about them, which in turn demands better data management, and a new regime of fines applies to those who do not comply. This is the most important data privacy change in 20 years, so we want to help you understand how the changes affect you and your business.
In the UK, data management currently falls under the Data Protection Act 1998, which stipulates how personal data can be used by organisations. From May 2018, GDPR will apply in the UK, meaning that new rules will govern how we collect, store and use personal data.
Whether you plan on making changes to your current data security practices or not, GDPR introduces policies that affect everyone. It is important that any data-related improvements or any changes made are communicated to your clients and this applies to any data held, whether that be online or physical documents.
A person’s personal data is sensitive and should be treated with respect. Most businesses already have this category as a top priority when it comes to business practices but it’s a matter of keeping within the guidelines of the new legislation and making the client aware of the data you hold about them.
GDPR requires you to be able to show that a person has given consent for their data to be stored. You must be able to evidence a positive opt-in from the client; pre-ticked boxes within marketing material, or consent they may have given previously, are no longer sufficient, and they must be given the option to withdraw consent at any time.
When a company collects personal data, it is required to explain how that data will be used. When collecting data going forward, you will need to state your lawful basis for processing the data, the data retention period, and how an individual can complain to the ICO if they think there is a problem with the way their data is being handled.
Make clear and concise efforts to inform your clients of what you are doing and why you are doing it. Speak to them about their responsibility in the process and make them aware of the effects GDPR will have on them and their business. If you hold data for clients and process it on their behalf, you are responsible for how you use that data. Take every step possible to ensure that the data you are using is handled in a compliant way.