With a little under a month until the General Data Protection Regulation (“GDPR”) becomes law in the U.K., we again outline the who, what, where, when and why to help you achieve compliance and avoid falling foul of the Regulation after its implementation.
Who does the GDPR apply to?
The GDPR will apply to all entities, whether big or small, who deal with the personal data of individuals. Regardless of whether a business has 1 employee or 1,000 employees, the GDPR is intended to be a ‘one size fits all’ Regulation, with the same implications, same requirements and same fines being placed on everyone.
What should you be doing?
You should not put off bringing your systems, staff and procedures up to date with the GDPR; otherwise you may find yourself liable to pay a large fine. If you are not sure where to start, our Intellectual Property team at Franklins is here to assist, and we suggest the following considerations in respect of what you could and should be doing ahead of 25th May 2018:
- Identify the personal data you hold e.g. in respect of clients, customers, staff etc.;
- Undertake an impact assessment to identify what further steps you may need to take;
- Determine whether the consent you have obtained in respect of personal data is compliant with the requirements for consent under the GDPR;
- Review your company’s policies and systems in respect of the handling of personal data, the receipt of data from other parties and the passing of data on to third parties; and
- Ensure you have fair processing policies which reflect how long you really need to keep certain types of data.
Where can you look for help?
If you need assistance, regardless of what stage you are at in preparing for the GDPR, Franklins Solicitors, and our Intellectual Property team in particular, would be delighted to assist you.
When do you need to make changes by?
One of the misconceptions surrounding the GDPR is that there is a ‘grace period’ after implementation. It is imperative that you understand that this is not the case. The GDPR will become law as of 25th May 2018; any business not compliant with the regulatory requirements after this date will be subject to the much harsher fines of up to 20 million Euros or 4% of annual global turnover. Regardless of Brexit, we will all need to comply with the GDPR come the 25th of May.
Why does this apply to you?
The GDPR is intended to streamline data privacy laws throughout Europe. It is hoped that it will lead to clearer recognition of when consent is required and what individuals are consenting to, while giving them the option to withdraw consent just as easily.
If you should have any queries in respect of Data Protection or your rights and responsibilities in respect of the same, please do not hesitate to contact me on 01908 660966 or alternatively at email@example.com.