General Data Protection Regulation (GDPR)

posted on December 8, 2017

by: Ian Marlow

General Data Protection Regulation (GDPR) is the new data protection regulation that becomes a legal obligation from 25 May 2018. Every business will have its own specific challenges regarding implementation of changes to internal systems to ensure compliance with the GDPR.
Theory is fine, but business owners, particularly smaller concerns, will no doubt want clear advice about what needs to be done to comply with the spirit of the GDPR without adding to the existing plethora of red-tape and compliance that threatens to drown us all in non-productive activity.
Much publicity has been given to the down-side risks of non-compliance: up to 20 million euros or 4% of annual turnover in fines for getting it wrong.
Nevertheless, from 25 May 2018, any business that collects or stores personal data, whether in a paper or electronic format, will need to comply with the GDPR strictures regarding the rights of the individual to have their privacy protected. New requirements in the General Data Protection Regulation, not in the present Data Protection Act 1998, include:

  • Reporting data breaches.
  • Cross-border considerations.
  • New rights for clients and other contacts: the need to inform clients how you are using their personal data and their rights under the GDPR to request that personal data is deleted.
  • Need to demonstrate that your business is mitigating the risks of misuse of clients’ personal data.

The GDPR is a published EU directive, and it is being introduced into UK law, but there are certain aspects where detailed guidance is still not available. For example, the regulations that set out best practice for the delivery of marketing information by email are at present contained in the Guide to Privacy and Electronic Regulations, which will be updated by a new e-Privacy Regulation that is timed to come into effect in May 2018. The ICO have not published a detailed description of the scope of this new regulation.
There is little doubt that it will be necessary to undertake a data audit to map and record what personal data is held and how it is used and protected, and to detail the process for removal, should this be requested.
Unfortunately, these changes in the data protection rules need to be taken seriously. We will all need to accommodate compliance on or before the May 2018 deadline.

Ian Marlow

Managing Director

Ian Marlow, an Elite Advisor for Quickbooks Online, has a passion for helping individuals and businesses in all aspects of online accounting and leads an experienced team of tax and accounting professionals.