GDPR is coming - is your business ready?

On 25 May 2018 the EU’s General Data Protection Regulation (GDPR) comes into force. This comprehensive legislation will affect everyone doing business in the EU – and don’t think that Brexit means it won’t apply here. The government has announced that GDPR will be incorporated into British law once we leave the EU.

GDPR is designed to give consumers more control over their personal data and simplify the rules for organisations doing business in the EU or with EU citizens. It applies to companies that process personal data – in practice that means all of them. The new rules are comprehensive and can seem very daunting, especially to small businesses, but there are resources available to help.

A few of the major changes are listed below and we’ve also compiled a list of useful GDPR resources to help you and your business understand the new rules and achieve compliance.

Some of the major changes:

  • Personal data must be transparently and lawfully processed for a specific purpose
  • Lawful reasons for processing data are: consent, contract, legal obligation, vital interests, public task and legitimate interest
  • Data must be held in a transparent and easy-to-transfer way (e.g. .csv files)
  • If relying on consent to process data the subject must explicitly consent via an opt-in
  • Data subjects have the right to see any data a company holds on them and the right for it to be deleted
  • Fines for non-compliance are increased to a maximum of €20m or 4% of turnover, whichever is greater

The Information Commissioner’s Office has comprehensive GDPR resources for businesses including its Guide to the GDPR, a 12-step plan, a selection of FAQs and a myth-busting blog:

The official GDPR site is full of useful documents:

Simply Business has an excellent guide for small businesses:

Informi has another good summary for small businesses:

IT Governance has a series of webinars on GDPR and some useful articles:

Posted on Thursday Mar 29