What is GDPR and Why Do You Need It?

GDPR is the General Data Protection Regulation, and it came into force in the UK and EU in May 2018.

Since we’ve had Brexit (fun times), the UK now has its own UK GDPR. But it’s basically, for all intents and purposes, the same as the EU GDPR.

So what are the key things you need to make sure you have in place?

Here’s a quick reccy for you…

· Register with the ICO (it’s about £40 a year, and a legal requirement for the vast majority of UK businesses)

· Have a privacy and cookies policy on your website, setting out the personal data you collect, why you need it and what you do with it

· If you have employees, have them sign an employee privacy notice when they join (or now, if you previously forgot!)

· Again, if you have staff, have an internal data protection policy that everyone can follow, so they know how to comply with GDPR within your company

· Have strong contractual clauses in place with the third parties you work with to make sure you are passing or receiving data in a lawful way

· If you transfer data outside the UK or EU, make sure you have standard contractual clauses in place (or the IDTA, if you’re UK based)

· Prepare a data flow map that documents the data flowing into and out of your company. If the regulator ever challenges you, this will come in really handy.

There could be some other bits and pieces based on your business and exactly how you deal with personal data, but the above is a solid cheat sheet to get you started.

Have more questions? Something you’ve also been confused about when it comes to GDPR? Not a problem, that’s why we’re here.

Feel free to book one of our free legal advice calls to ask away!

https://calendly.com/jamiesonlaw
