GDPR - Time Is Running Out
The clock is ticking fast on compliance with the General Data Protection Regulation (GDPR), which will be fully enforced from 25 May 2018 and will pose significant compliance issues for all organisations that handle 'protected data' – i.e. personal data, the definition of which is more detailed and broader than that used previously. One significant addition is the 'accountability principle', whereby data controllers must keep records to demonstrate how they comply with the data protection principles – for example, by documenting the decisions taken about a processing activity.
The penalties for non-compliance with the GDPR are severe and the Information Commissioner's Office (ICO) has been told that enforcing it must be self-funding, so little mercy is likely to be shown to those who fall foul of it.
The Data Protection Bill 2017-2019, which implements the GDPR into UK law, will impose additional compliance requirements over and above those contained in European legislation. Information on these, together with useful guidance on implementing the GDPR, can be found on the ICO's website (www.ico.org.uk).
The ICO has also established a dedicated telephone service aimed at helping small businesses prepare for the forthcoming changes in the law. Small organisations seeking information on the GDPR should ring the ICO helpline on 0303 123 1113 and select option 4 to be transferred to staff who can offer support.
If you have not already started your review of the impact of the GDPR on your business and begun to adapt, time is fast running out.
Adapting to the GDPR will almost certainly necessitate revising written policies and procedures – for example, regarding information that must be included in privacy notices – and some redrafting of business and employment contractual terms and conditions.
For individual advice on the steps your business needs to take to comply with GDPR, please contact our dedicated team on 020 8974 7490.
Please note we are unable to offer legal aid.