What is GDPR (General Data Protection Regulation)?

GDPR stands for ‘General Data Protection Regulation’. It’s the result of four years of EU work to bring data protection legislation up to date.


GDPR is a term that all businesses, large or small, should be aware of, so we asked Jo Fortune from our legal partner LawBite to pull together the facts and information that you need to know to ensure you’ll be ready.


Why is GDPR being introduced?


Data is used in multiple ways that weren’t envisaged in the 90s, so the Data Protection Act 1998 is no longer fit for purpose. There’s vulnerability in the current legislation and the general public expect to be protected.


GDPR applies across all EU member states and individual EU country data protection laws will disappear.


 


When will GDPR come into force?


GDPR is actually already here. The approved text was published in March to April of 2016 and came into force in May of that year. There’s been a two-year grace period to give organisations time to ensure they’re fully GDPR compliant, but the actual enforcement date in the UK is fast approaching on 25th May 2018, in the form of the Data Protection Bill 2018.


 


What types of business will GDPR affect?


All businesses and organisations that hold personal data are affected by GDPR, no matter what their size or structure. However, there are some differences depending on the number of employees you have.


If you have fewer than 250 employees, GDPR means you need to hold internal records of your processing activities, where the data being processed could risk somebody’s rights and freedoms, or where that data relates to criminal convictions and offences.


Those with more than 250 employees must keep more detailed records: for example, the name and details of your organisation, your data protection officer, why you’re processing the data, a description of the types of individual and categories of their personal data, as well as categories of recipients of this data.


You might still need to record extra facets like these if you’re a smaller business though. In fact, you’re only exempt from these extra record keeping duties if you only process personal data of EU residents occasionally. It’s best to get some advice on exactly what will apply to you here.


 


How do I know if my business is affected by GDPR?


All businesses will be affected in some capacity and it’s important to understand how and what you’ll need to do to ensure your business is compliant.


GDPR requires businesses to implement data protection “by design” and “by default”.


Data Protection By Design


Simply put, privacy by design is an approach to projects that promotes privacy and data protection compliance from the start. For example, when building new IT systems for storing or accessing personal data, it means ensuring that privacy and data protection are a key consideration in the early stages of the project and then throughout its lifecycle.


Data Protection By Default


Data protection by default, on the other hand, refers to the activation of such safeguards as a default setting. As a business, you have a general obligation to implement technical and organisational measures to show that you have considered and integrated data protection into your processing activities.


The extent to which businesses are affected depends on practices already in place, as well as adherence to elements of the current Data Protection Act that will still be applicable.


 


When do I need to start taking action?


We’d recommend getting started as soon as possible. Don’t get caught out by leaving it to the last minute!


 


What happens to businesses that don’t comply with the new GDPR rules?


Major GDPR breaches


There’s been some scaremongering in the media but fines for major breaches of GDPR could reach up to the larger of:



  • 4% of annual worldwide turnover or

  • €20 million.


Other GDPR infringements


These could attract a fine of up to the larger of:



  • 2% of annual worldwide turnover or

  • €10 million.


 


Will GDPR still apply after Brexit?


It’s likely that UK businesses aren’t going to miss any of the fun of complying with GDPR. First of all, the new law comes into effect in the UK in May 2018, before the two-year period for Brexit ends.


In addition, the law is consumer-friendly and is, therefore, unlikely to be unravelled by the UK Government.


Finally, if we want to continue to trade as freely as possible with the EU this will undoubtedly be one of those laws we have to continue to comply with, especially given that UK websites will be accessible by EU citizens, for example.


 


How do I make sure my business is compliant with GDPR?




The Information Commissioner’s Office (ICO) has outlined their guidelines in a really simple and useful whitepaper entitled “Preparing for the General Data Protection Regulation (GDPR) – 12 steps to take now”.


The beginning of 2018 is going to fly by, then suddenly May will be here and the enforceability of GDPR will be upon us. We’d hate for your business to get caught out, so our legal partner LawBite has a useful free online GDPR Checklist tool designed to highlight areas businesses need to think about. They also offer free 15-minute legal consultations to help businesses identify exactly what they need to do for GDPR compliance. You can call our partners at LawBite on 0207 148 1066 to speak to a lawyer (tell them we sent you!).


What is Crunch doing to ensure my data is protected?


At Crunch, we’re taking GDPR really seriously and we’ve implemented a range of initiatives to ensure we’re fully compliant ahead of the GDPR implementation date. Our privacy policy will be updated to confirm we manage data according to GDPR, so that’s a tick in the box for you if you’re a Crunch Client.


Jo Fortune is Partnerships Manager at LawBite.
