When the General Data Protection Regulation (GDPR) came into force on 25 May 2018 it tightened up the law in many ways.
• It introduces the “accountability principle” which puts a burden on businesses to be able to demonstrate compliance.
• It makes it harder to rely on consent as a ground for processing personal data.
• It raises the penalties for non-compliance.
Publicity about the new law is also making individuals and businesses more aware, and so more likely to question what you do with personal data.
Even so, the basic principles have not changed much. The Information Commissioner’s Office (ICO) describes this as evolution, not revolution. So, in most organisations it should be possible to comply with the GDPR without massive changes or enormous amounts of time being invested.
There are several actions you can take, such as:
• Decide who oversees data protection in your organisation
• Determine what material you hold
• Assess risk
• Take action
• Evaluate your current practices
• Privacy Notices and Contract Terms
• Clients and Prospective Clients
• Notices to Staff
• Data Processors
• Checking Third Parties
• Data Protection Policy (including guidance for staff)
• Information Asset Register (separate Excel file)
If you are in doubt, ask Beach Accountants and we will be able to guide you or refer you to the appropriate websites and documentation.