Get Data Protection Ready
If your business holds information relating to individuals, whether they are employees, customers, suppliers or recipients of marketing material, it is subject to the current data protection legislation and, from 25 May 2018, to the General Data Protection Regulation 2016 (GDPR). GDPR requires each business to adopt an appropriate and proportionate approach to compliance, and the penalties for failing to comply, including fines, are significant. If GDPR isn't already on your business's agenda, now is the time to act.

The GDPR extends the current requirements set out in the Data Protection Act 1998 and places new obligations on businesses.
These include, amongst others:
1. more stringent requirements around consent, which must be freely given, specific, informed and unambiguous, and must be demonstrable by the business;
2. the right to be forgotten (erasure of personal data on request);
3. adopting a proportionate approach via privacy by design and privacy impact assessments;
4. a modified subject access request procedure that favours the individual, including shorter response times and the removal of the standard fee;
5. new, stricter requirements to notify the ICO and affected data subjects of a personal data breach and, where the breach occurs at a data processor, for the processor to notify the relevant data controller; and
6. expanded territorial reach: a non-EU company that offers goods or services to, or monitors the behaviour of, individuals in the EU could be subject to the same sanctions as EU companies.
What could go wrong?
Under the current legislation, the ICO may levy fines of up to £500,000. Under GDPR, the maximum fine rises to 20 million Euros or 4% of group worldwide annual turnover (whichever is greater). Breaches of certain other GDPR obligations, such as those of controllers and processors around privacy by design, security and breach notification, fall into a lower tier with fines of up to 10 million Euros or 2% of group worldwide annual turnover. The reputational impact of a breach could also be significant.
How we can help
Addressing compliance with GDPR can seem daunting, but it doesn't need to be. Although it potentially requires a significant amount of time and resource from the business, our aim is to break GDPR down into bite-size chunks on a risk analysis basis.

We will work with you to locate any areas of risk within your business around data protection and GDPR compliance, helping you map the data you currently process, determine whether or not that processing is GDPR compliant, and take the steps needed to avoid non-compliance. Following the initial assessment, we will help you decide which issues should be dealt with as a priority, which are easy wins that can be swept up cost-efficiently in the early stages, and which could form part of a rolling programme, so that your day-to-day business can carry on as normal.

We're also here to help post-implementation of GDPR, making sure your policies, procedures and documents are kept up to date and ensuring you have the tools necessary to assess ongoing compliance.
Next steps...
If you would like more information about GDPR and the ways in which we can help, we would be happy to meet with you or to have a call to discuss your requirements in more detail. If you choose to work with us, we will put together a detailed price proposal to help you decide which areas of our compliance programme you would like to pursue. For more information, please contact Matthew Hattersley or Florence Maxwell.