The General Data Protection Regulation (GDPR) is coming but a recent survey suggests less than 50% of businesses are familiar with it. Our advice is that all businesses need to take action now, as doing nothing may land your business with a fine of as much as €20 million or 4% of your annual turnover.

What is GDPR? It comes into effect on May 25th 2018 across the European Union and is replacing the UK Data Protection Act. GDPR brings in a strict set of new rules concerning privacy and data security, while imposing penalties on businesses which violate them.

Who does GDPR affect? GDPR affects anyone holding data on EU citizens including employers and business owners of any size. This is because they are likely to control personal data – or at least process it on someone else’s behalf, such as employee personal details, as well as performance reports and attendance records. The GDPR applies to all EU organisations and to any organisation outside of the EU which processes personal data on an EU national.

What about Brexit? It is likely the UK will still be a European Union member state as of 25th May 2018, so the regulations will apply until we leave the EU. Once we leave it is expected the UK will either adopt the GDPR in its entirety or adopt national legislation, which is similar to GDPR.

GDPR Infographic

GDPR: Top 10 Tips for Employers

Here are our expert’s top tips for ensuring your business complies with the new regulations:

  1. Make sure people in your business know that the law is changing.
  2. Create a register of the personal information you hold, where it came from, and who you share it with.
  3. Review the current privacy notices for the data you store and prepare to change them for GDPR.
  4. Get consent to store, manage, maintain and use personal data or consider what other rights you may have to process personal data.
  5. Check that you can honour the rights of individuals. If someone asks for their data, you should be able to give them it in a secure, standard format.
  6. If someone asks you to remove their data, make sure you can prove you’ve done so.
  7. Put in place a process for handling requests for any of the data you hold, including how quickly you will respond, how you will provide it, and how you will assure requesters that they own it.
  8. Decide if you need a system for identifying the age of individuals and whether you need parent or guardian consent.
  9. Have an emergency plan in case you lose data or someone steals it.
  10. Nominate a responsible person to be your Data Protection Officer or representative, as applicable.

What are the main changes of GDPR?

GDPR will replace the current legislation under the UK Data Protection Act.

The new legislation is coming in because digital technology has moved forward far more rapidly than the law, so in affect GDPR is necessary to help the law catch up with the rapidly evolving digital environment.

One of the biggest differences between the current legislation and GDPR is that people will gain much more control of their personal data.

The new rights of the people your business holds data on are:

  • The right to be informed: Where you state in your privacy notice how you process information fairly.
  • The right of access: Data subjects can get access to, and a copy of, their data and find out how you are using it.
  • The right to rectification: People can ask you to update any inaccurate or incomplete data.
  • The right to erasure: Commonly called ‘the right to be forgotten’. People can ask you to delete or remove their personal data.
  • The right to restrict processing: Where you are allowed to store but not process personal data.
  • The right to data portability: Allows people to get some of their data from you for their personal use.
  • The right to object: People can opt out of you profiling them based on their data, direct marketing to them, or using their data for research.
  • Rights in relation to automated decision making and profiling: Protection against mistakes or decisions where humans are not involved in data processing.

Watch out for our expert’s comprehensive GDPR White Paper, which will be published on the Croner Free Downloads shortly.