GDPR stands for ‘General Data Protection Regulation’. It’s the result of four years of EU work to bring data protection legislation up to date.
GDPR is a term that all businesses, large or small, should be aware of, so we asked Jo Fortune from our legal partners Lawbite to pull together the facts and information you need to know to ensure you’ll be ready.
Data is used in many ways that weren’t envisaged in the 90s, so the Data Protection Act 1998 is no longer fit for purpose. There are weaknesses in the current legislation, and the general public expects to be protected.
GDPR applies across all EU member states, and the individual data protection laws of each EU country will be superseded by it.
GDPR is actually already here. The approved text was published between March and April 2016 and came into force in May of that year. There has been a two-year grace period to give organisations time to become fully GDPR compliant, but the enforcement date in the UK, 25th May 2018, is fast approaching, in the form of the Data Protection Bill 2018.
All businesses and organisations that hold personal data are affected by GDPR, no matter what their size or structure. However, there are some differences depending on the number of employees you have.
If you have fewer than 250 employees, GDPR means you need to hold internal records of your processing activities where the data being processed could pose a risk to somebody’s rights and freedoms, or where that data relates to criminal convictions and offences.
Those with more than 250 employees must keep more detailed records: for example, the name and details of your organisation, your data protection officer, the reasons you’re processing the data, a description of the types of individual and the categories of their personal data, and the categories of recipients of this data.
You might still need to record extra details like these if you’re a smaller business, though. In fact, you’re only exempt from these extra record-keeping duties if you only process the personal data of EU residents occasionally. It’s best to get some advice on exactly what will apply to you here.
All businesses will be affected in some capacity and it’s important to understand how and what you’ll need to do to ensure your business is compliant.
GDPR requires businesses to implement data protection “by design” and “by default”.
Simply put, privacy by design is an approach to projects that promotes privacy and data protection compliance from the start: for example, when building new IT systems for storing or accessing personal data, privacy and data protection are treated as a key consideration in the early stages of the project and then throughout its lifecycle.
Data protection by default, on the other hand, refers to the activation of such safeguards as a default setting. As a business, you have a general obligation to implement technical and organisational measures to show that you have considered and integrated data protection into your processing activities.
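The two ideas above can be made concrete in code. The following is an added example, not code from LawBite or the original article: the ProfileSettings record, the purpose names and the field-to-purpose map are assumptions made up for illustration. It shows "by default" as settings whose defaults are the privacy-protective choice, and "by design" as processing that only proceeds for a declared purpose and only sees the fields that purpose needs.

```python
"""Data protection by design and by default, illustrated in code.

Added example, not code from LawBite or the original article. The
ProfileSettings record, the purpose names and the field-to-purpose map
are assumptions made up for illustration.
"""
from dataclasses import dataclass, asdict

# Which personal-data fields each processing purpose actually needs.
# Anything not listed for a purpose is dropped before processing (data
# minimisation). These purposes and fields are constructed for the example.
FIELDS_NEEDED_FOR = {
    "account_login": {"email"},
    "order_fulfilment": {"email", "postal_address"},
    "marketing_newsletter": {"email"},
}


@dataclass
class ProfileSettings:
    """User-controlled settings whose defaults are the privacy-protective
    choice; the user must actively opt in to anything wider."""
    marketing_opt_in: bool = False      # consent is never assumed
    profile_public: bool = False        # least exposure by default
    analytics_sharing: bool = False     # no third-party sharing by default
    retention_days: int = 90            # bounded retention, not "forever"


def minimise(record: dict, purpose: str) -> dict:
    """Return only the fields needed for `purpose`; refuse unknown purposes
    so that no processing happens without a declared, recorded purpose."""
    if purpose not in FIELDS_NEEDED_FOR:
        raise ValueError(f"undeclared processing purpose: {purpose!r}")
    allowed = FIELDS_NEEDED_FOR[purpose]
    return {k: v for k, v in record.items() if k in allowed}


def may_process(settings: ProfileSettings, purpose: str) -> bool:
    """Gate processing on the user's settings: marketing requires an explicit
    opt-in; any other purpose proceeds only if it has been declared."""
    if purpose == "marketing_newsletter":
        return settings.marketing_opt_in
    return purpose in FIELDS_NEEDED_FOR


# Constructed sample record: a customer profile as a system might store it.
SAMPLE_RECORD = {
    "email": "alice@example.com",
    "postal_address": "1 Example Street",
    "date_of_birth": "1990-01-01",
    "phone": "01234 567890",
}


def demo():
    """Run the checks a new user (all defaults) would get."""
    settings = ProfileSettings()
    newsletter_allowed = may_process(settings, "marketing_newsletter")
    fulfilment_view = minimise(SAMPLE_RECORD, "order_fulfilment")
    return settings, newsletter_allowed, fulfilment_view


if __name__ == "__main__":
    s, allowed, view = demo()
    print(asdict(s))
    print("newsletter allowed by default:", allowed)
    print("fields passed to fulfilment:", sorted(view))
```

The point of keeping the field map and the settings defaults in one place is that a new feature has to declare its purpose and the data it needs before it can touch a record, which is the "by design" obligation, while a user who never changes a setting is still in the most protective state, which is the "by default" one.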
The extent to which businesses are affected depends on the practices already in place, as well as on adherence to those elements of the current Data Protection Act that will still apply.
We’d recommend getting started as soon as possible. Don’t get caught out by leaving it to the last minute!
There’s been some scaremongering in the media, but fines for major breaches of GDPR could reach up to the larger of:
These could attract a fine of up to the larger of:
It’s likely that UK businesses aren’t going to miss any of the fun of complying with GDPR. First of all, the new law comes into effect in the UK in May 2018, before the two-year period for Brexit ends.
In addition, the law is consumer-friendly and is, therefore, unlikely to be unravelled by the UK Government.
Finally, if we want to continue to trade as freely as possible with the EU, this will undoubtedly be one of those laws we have to keep complying with, not least because UK websites will be accessible to EU citizens.
The Information Commissioner’s Office (ICO) has outlined its guidance in a simple and useful whitepaper entitled “Preparing for the General Data Protection Regulation (GDPR) – 12 steps to take now”.
The beginning of 2018 is going to fly by, then suddenly May will be here and the enforceability of GDPR will be upon us. We’d hate for your business to get caught out, so our legal partner Lawbite has a useful free online GDPR Checklist tool designed to highlight areas businesses need to think about. They also offer free 15 minute legal consultations to help businesses identify exactly what they need to do for GDPR compliance. You can call our partners at Lawbite on 0207 148 1066 to speak to a lawyer (tell them we sent you!).
Jo Fortune is Partnerships Manager at LawBite.