The General Data Protection Regulations (GDPR) are coming into force from May 25th 2018. Data Protection is a very sensitive topic and GDPR applies to the way data, specifically personal and sensitive data, is handled and processed by those who have access to it in all UK companies.
What can businesses do to prepare for GDPR?
- Ensure policies and procedures are up to date and are fully communicated internally
- Review notices and policies that relate to Privacy
- Pre-ticked boxes are no longer compliant, so clients/customers/contacts will need to ‘opt in’ to give any such consent and must be made fully aware that they can withdraw their consent at any time
- Review any pre-existing consent to ensure it is GDPR compliant
- Be mindful of the 6 Legal Grounds for processing/handling data
- Consider appointing a Data Protection Officer, which is mandatory for some businesses
- Keep all records up to date and only for an appropriate period
- Ensure you are able to demonstrate how compliance measures have been considered
- Remember the regulations apply to your clients, contacts, third parties and staff, so internal and external plans are needed.
Breach of the GDPR regulations could result in substantial fines of up to 4% of annual worldwide turnover or €20 million, whichever is higher. There is also the cost of damage to reputation to consider.
If data is breached, the Information Commissioner's Office must be notified within 72 hours. Failure to do so may also result in large fines.
As clients of Lawson-West Solicitors, you can be assured we are taking every step to adhere to all GDPR policies. Our relationship with clients is of the utmost importance to our whole team.
If you are a business owner and would like to speak to a member of our Commercial or Employment Team about the potential impact of GDPR on your company, please contact us on 0116 2121000.