GDPR – What does it mean for UK organisations
Many organisations have ignored the looming regulations coming into force in May 2018, thinking that they would be overturned by Brexit, but this is not the case. The General Data Protection Regulation (GDPR) will still apply from May 2018 to all organisations in the UK that hold data, and it comes with heavy fines for those deemed not to be adhering to it. Fines are set to be up to 250,000 euros, or 0.5% of annual sales, for minor offences, and up to 100 million euros, or 5% of annual sales, in the worst cases. So it is important to act now and create a plan for making sure your organisation is ready by May 2018.
We have listed below some useful points from the ICO’s 12 steps guidance document for organisations. To make sure you understand what you need to do to prepare, book onto our Data Protection (GDPR) Training on 7th November at The Source, Sheffield. We will also be holding a further date in the Leeds area soon after, if you would like to reserve a place there.
- GDPR applies to all data processors and data controllers, that is, anyone who makes the decisions about how data is processed, or anyone who handles data.
- Data includes names, photos, email addresses, bank details, medical information and computer IP addresses.
- The ICO recommends documenting how you collect data, and when it was added and updated. Any sharing of data must also be documented.
- You should have an up-to-date data policy that states how long you store data and what it is used for, how someone can be removed from your database, and how to complain. It should be widely available to clients.
- Any data breach must be notified to clients within 72 hours.
- Any request to see data must be fulfilled within a month (currently 40 days).
- You must be able to provide evidence that someone has opted into communications, even for clients. Providing an opt-out box is no longer enough.
- Any data concerning children who are under 16 will now require a parent or guardian’s consent to be on record.
- All devices holding data should be encrypted including USB sticks.
- Any organisation whose core activity is monitoring people or activity (this includes all public authorities) will require a Data Protection Officer.
If you want to find out more about Data Protection and GDPR, come along to our training courses. Delivered by a specialist Data Protection lawyer, the course will help you to understand the importance of Data Protection, identify where you need to make changes to improve your Data Protection, and help to ensure you are complying with Data Protection legislation. To book your place, call 01924 827869 or email firstname.lastname@example.org.