The General Data Protection Regulations (GDPR) are coming into force from May 25th 2018. Data protection is a very sensitive topic, and GDPR applies to the way data, specifically personal and sensitive data, is handled and processed by those who have access to it, possibly most significantly businesses. It is applicable to all UK companies.
Seeking consent and accurately recording it forms a significant part of the GDPR process. However, continuing to make contact about matters that do not directly relate to the reason you were originally in contact contravenes GDPR regulations.
What can businesses do to prepare for GDPR?
- Ensure policies and procedures are up to date and are fully communicated internally
- Review notices and policies that relate to privacy
- Pre-ticked boxes are no longer compliant, so clients, customers and contacts will need to ‘opt in’ to give any such consent, and must be made fully aware that they can withdraw their consent at any time
- Be mindful of the 6 Legal Grounds for processing/handling data
- Consider appointing a Data Protection Officer, which is mandatory for some businesses
- Keep all records up to date and only for an appropriate period
- Ensure you are able to demonstrate how compliance measures have been considered
- Remember the regulations apply to your clients, contacts, third parties and staff, so internal and external plans are needed.
Breach of the GDPR regulations could result in substantial fines of either 4% of annual worldwide turnover or €20 million, whichever is higher. There is also the cost of damage to reputation to consider.
If data is breached, the Information Commissioner's Office must be notified within 48 hours. Failure to do so will also result in large fines.
As clients of Lawson-West Solicitors, you can be assured we are taking every step to adhere to all GDPR policies. Our relationship with clients is of the utmost importance to our whole team.