Is your business prepared for GDPR?
GDPR (General Data Protection Regulation) is coming even when Brexit takes place, and it will include the right to be forgotten. But is your business ready?
On 25 May 2018 all businesses in the UK will be subject to the new GDPR legislation. This legislation replaces the old Data Protection Act and will heighten the responsibilities of data controllers and processors as well as the rights of individuals. GDPR will apply to all businesses controlling and processing the personal data of individuals residing in the EU, even if the business is based outside the EU.
Fines for data breaches and non-compliance will be based on a two-tiered system:
- Breaches of the provisions deemed most important for data protection could lead to fines of up to €20 million or 4% of global annual turnover, whichever is greater.
- For other breaches, the authorities could impose fines of up to €10 million or 2% of global annual turnover, again whichever is greater.
Is your business compliant and can you prove it?
Under a new principle of accountability, businesses will need to review and change their consent processes, processing notices, policies and procedures to reflect the law under GDPR. It will no longer be enough to be compliant with data legislation; you will have to be able to demonstrate compliance with GDPR principles.
Helping you become GDPR compliant
To help your business become GDPR compliant we have developed a GDPR Toolkit. This Toolkit allows your organisation to assess its current compliance position as against the requirements of the GDPR.
How it works
The Toolkit includes a series of questions which need to be answered and a request for associated documents. Once these are completed, we review the responses and documents provided and meet with key heads of department to deal with any queries. We can either do this once the Toolkit is partially completed, or meet with you upfront to help with the Toolkit’s completion.
We will then turn this information into a tabular report which highlights the areas where compliance is achieved, where the business has a plan or route towards compliance, and where further action is required and, if so, what that action relates to.
To find out more about our Toolkit and how it could support your business, complete our enquiry form.
Alternatively you can contact Andrew Evans, partner in our Commercial team.
The 6 other principles of GDPR
1. Lawfulness, transparency and fairness – the lawful basis on which data is processed must be demonstrated fairly and transparently to the data subject.
2. Purpose limitation – ensuring data is captured for specific and legitimate purposes.
3. Data minimisation – ensuring personal data is adequate and relevant.
4. Accuracy – ensuring personal data is kept up-to-date.
5. Storage limitation – ensuring data is kept no longer than necessary.
6. Integrity and confidentiality – ensuring appropriate measures are in place to secure the data, including preventing unauthorised or unlawful processing and protecting against accidental loss, destruction or damage.