GDPR will come into force in the UK on 25 May 2018. The GDPR is a new law that significantly extends and strengthens the current law and regulatory regime in relation to data privacy and data protection. It concerns the rights of individuals and how organisations handle an individual’s personal data.
The new regime is, in part, intended to force a cultural change in how organisations think about and protect the personal data of private individuals. It is also intended to bring the law up to date with advances in technology and the proliferation of internet-based technology and social media. It is, therefore, much stricter than the current regime.
By now, you have probably heard of the new eye-watering financial penalties that will be available to the ICO when the GDPR comes into force. The ICO will have the power to impose fines for non-compliance of up to 4% of a company’s annual global turnover for the preceding financial year or the equivalent of £17 million – whichever is greater.
Adequately preparing for the GDPR is likely to be a very significant task. As part of your preparations, you should consider whether you have conducted a thorough:
- Audit of your organisation’s data processing activities and a review of your bases for processing
- Review of your contracts and service agreements with your data processors
- Review of your contracts with employees
- Review of your data protection policies and procedures as well as your systems for ensuring the security of your data – both offline and online
- Review of your marketing practices to ensure that they are compliant with the new law – particularly in relation to consent
- Review of your privacy and fair processing notices
You will also want to ensure that you have:
- Implemented an effective system for demonstrating your compliance with the new law to the regulator
- Conducted staff training
- Considered whether it is necessary for you to appoint a data protection officer under the new law
- Implemented an effective policy and system for breach reporting in those instances where it will be mandatory for you to do so under the GDPR
Stephensons can assist you with all aspects of data privacy law and help you to ensure that you are fully prepared for the GDPR. We can assist you with data processing audits, drafting/amending contracts and agreements, drafting policies, procedures and privacy notices, staff training, data breach management, data breach reporting and providing assistance to data protection officers. We can also assist you in dealing with subject access requests, handling complaints/ICO investigations and assisting you in defending legal claims that might be brought against your organisation for a data breach.
For more information, call us now on 01616 966 229.