Published: February 16th, 2018
With only months to go until the new General Data Protection Regulation comes into law, businesses are being urged to start preparing to ensure that they are compliant with the legislation when it comes into force.
From 25 May 2018, all businesses that hold personal data will have to guarantee that their data procedures are fit for purpose and compliant with the new regulation.
While the GDPR is an EU initiative, the UK government has already made it clear that the legislation will still take effect in the UK after Brexit.
Businesses that are found to be non-compliant risk potential fines of up to €20 million or 4% of annual worldwide turnover. If you want to know what GDPR is, the FAQs on the Information Commissioner’s Office website provide a helpful guide.
Here are some steps to take to ensure you’re compliant:
1. Audit what information your business holds, where the information came from and who has access to it.
2. Check the procedures you have in place covering the rights people have under the new rules; this includes requests to provide or delete personal information you hold.
3. Most businesses will have a privacy notice on their website – review this using guidance from the ICO and consider engaging a data expert.
4. Many businesses will already be compliant with the Data Protection Act, but be aware that GDPR goes further, so you need to review how you ask for, obtain and keep personal information.
5. Use the Information Commissioner’s Office checklist to ensure you’re addressing all aspects of the new legislation.
You can download the document below from the ICO, which gives 12 simple steps you can take today to start preparing. More help can be found at www.ico.org.uk