Are you GDPR Compliant?

What is GDPR?

May 25th 2018 - the date the EU General Data Protection Regulation comes into force. The GDPR replaces the current Data Protection Act 1998 and will impact all businesses that hold or process personal data of EU citizens. Broadly speaking, data protection is the category of law that deals with how our personal data is collected, controlled, stored or shared. The current legislation is outdated: technology has evolved immensely in the last 20 years, and the GDPR has been created to bring data protection legislation in line with current technology.

Non-compliance is not an option: the fines for breaching the regulation are huge. Beyond the fines, breaking the law would not be good for business; it could damage your reputation and break down client relationships.

But what does it even mean?

As mentioned above, the GDPR builds upon existing laws rather than introducing completely new ones. The good news is that you should already be doing most of it under the DPA.

The principles are as follows:

Lawfulness - Data should only be processed when there is a lawful basis (consent, contract or legal obligation).

Fairness - You should provide individuals with the details of how their data will be used and how they can exercise their rights.

Transparency - The GDPR requires this information to be provided in concise, easy to understand, clear language.

Purpose Limitation - Only collect data for specific and legitimate purposes.

Data Minimisation - Only collect data which is relevant and limited to what is necessary for the purposes you are collecting it for.

Accuracy - Data should be accurate and kept up to date.

Storage Limitation - Data should not be held for any longer than necessary.

Security - Data should only be processed in a manner that ensures security and protection against unlawful processing.

Accountability - It is your responsibility to demonstrate compliance.

How to get consent under GDPR?

Businesses in the UK have always been able to rely on implied consent, that is, consent inferred from silence, pre-ticked boxes or even inactivity.

Under the GDPR, not only must consent be unambiguous and obtained through a clear and affirmative action, but the GDPR also requires businesses to show how they comply, keep a record, and provide proof that the individual has given consent for their data to be held and processed. The individual must also be clearly informed of how to withdraw their consent at any time. Individuals must be made aware of this right before they give consent and on a continuing basis thereafter.

What is personal data?

All the obvious things like name, address, contact information, religious beliefs and sexuality will still be classed as personal data under the GDPR. However, the GDPR has expanded this definition to include IP addresses and economic, cultural or mental health information. Any data which is personally identifiable will be considered personal data.

What about Terms & Conditions and Data Protection Policies?

By acting now, you can ensure your terms and conditions and policies are adequate for the coming enforcement of the GDPR.

Do you have employees? Suppliers? Sub-contractors? These all have access to the personal data you collect and are responsible for. Having a clear GDPR policy within your business is a great start towards becoming compliant, and should there ever be a breach, you can show the ICO that you have taken all reasonable steps towards compliance.

Your terms and conditions may need updating. For example, you can no longer hide the terms for consent within your standard terms and conditions; they must always be separate from your standard terms, and you cannot make them so complicated that people won't bother to read them. Put simply, consent must be a genuine choice and cannot be a standard condition of service.

When collecting personal data through your own website, compliance can be slightly more straightforward than by other means. Consent can be provided by an 'opt in' tick box which is clear and unambiguous (remember, pre-ticked boxes are a no-no), and the proof is all recorded. When personal data has been collected elsewhere, consent forms are the most compliant way to stay in line with the GDPR. This way, businesses can make sure consent is specific, clear, prominent, opted-in, properly documented and easily withdrawn.

It is important that any business that holds or uses personal data does not ignore the GDPR; however, there really isn't any need to panic either.

BEB can assist with re-writing your terms and conditions and policies, helping you with implementing any new policies and answering any questions you may have. Call us today on 01604 217365.

Extra guidance is also available from the Information Commissioner's Office here: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/

More articles by Kerry Gibbs

  • The Importance of a Partnership Agreement
  • Loss of profit, is it a direct or indirect loss?
  • Data Protection Post-Brexit: What you need to know & are you still compliant?
  • Terms and Conditions for Start Up Businesses
  • Is your website legal?
  • Buy Now Pay Later - Terms exposed
  • "I am owed money but there was no contract in place"
  • IR35 ... who wins?
  • What is IR35 and what is changing.
  • GDPR - One Year On!