The clock is ticking. Are you ready for GDPR?

In our previous articles we addressed the impact of the General Data Protection Regulation (“GDPR”) for businesses that use or handle personal data. GDPR is a significant change affecting almost every business, but the impact will be different depending on the nature and size of the business - there is no “one size fits all” solution.

GDPR comes into force on 25 May 2018 so it’s not far away. However, becoming GDPR compliant is not the end of the story. As each business evolves it will need to regularly monitor its compliance to make sure it continues to meet its legal obligations.

With the deadline approaching you should by now have taken steps to review and, where necessary, upgrade your existing data protection policies, procedures and processes.

Key Steps – Data Audit

By now many of you will have carried out a data privacy audit and prepared a compliance programme based on your gap analysis. Your audit should have enabled you to identify the personal data you collect and how it is used, shared, stored, amended and deleted.

Having reviewed a number of audits, we have identified some key issues that every business should have in mind. These are as follows:

Key Issues

  • Does the size of your business and the volume of personal data it deals with justify appointing a data privacy team and, importantly, a Data Privacy Manager/Data Protection Officer?
  • Has there been a thorough review and testing of your cyber security?
  • Are your commercial contracts up to date in so far as they reference personal and sensitive data issues?
  • Are your data privacy policies and procedures up to date? Don’t forget your Staff Handbook, as staff are expected to know what their responsibilities are and how they should deal with data breaches and access requests – even the obvious needs to be stated.
  • Are your data consent forms and privacy notices up to date? Do you have a privacy notice which can be accessed from your website?
  • Have you implemented a training programme for staff, and especially bespoke training for leaders, managers and specific roles? They all need to know what is expected of them.
  • Have you put in place key documents such as your Data Inventory Record, FAQs for staff and a Data Risk Assessment?

If it helps, we have designed a GDPR Data Health Check Questionnaire which will help you through the questions listed above and many others. From this you should be able to design a compliance programme that meets the needs of your business; one size does not fit all. If you would like a free copy of our questionnaire please email Noel Ruddy.

However, it’s not all about GDPR!

Businesses which undertake marketing by phone, email, text or fax, or which use cookies or similar technology, will need to get to grips with the new ePrivacy Regulation, which will replace the current Privacy in Electronic Communications Regulation (“PECR”) later this year. The new Regulation complements GDPR. Its aim is to create uniformity across the single digital market. However, whilst the new Regulation aims to simplify the rules regarding the use of cookies (there will be no more cookie consent pop-ups), browser settings will now be required to give website visitors the option to accept or refuse cookies, so that there is no confusion for individuals exploring websites. It will be interesting to see in due course how legislators deal with the many concerns raised by the online media industry.

It’s also worth bearing in mind the new Data Protection Bill, which is currently making its way through Parliament. The Bill will ultimately replace GDPR (as well as making further changes and additions). The date it will come into effect has not yet been confirmed. We will have fun working out when it will apply when we leave the EU!

ICO Annual Fee

On a final note, the ICO annual fee is changing with effect from 25 May 2018. From that date the fee is determined by tiers based on turnover or number of staff, whichever is higher. Failing to pay the correct fee can result in a minimum penalty of £4,350. There could be other adverse repercussions too!

If you wish to discuss any privacy aspect please feel free to contact any of our GDPR team who will be able to assist and guide you.

PDT GDPR Team

Noel Ruddy, Bhavna Patel, Ian Lindley, Laura Sutton

The content of this webpage is for information only and is not intended to be construed as legal advice and should not be treated as a substitute for specific advice. PDT Solicitors LLP accepts no responsibility for the content of any third party website to which this webpage refers.
