We have been helping some of our clients understand the impact of the General Data Protection Regulations (“ GDPR’s ”) and what they need to do to comply and of course with the implications for their contracts.
Lots of talk around the GDPR’s has been about the significant changes and huge fines for breaches, but compliance doesn’t have to be a daunting process.
The GDPR’s is not a complete overhaul of data protection laws but instead builds on the requirements under the Data Protection Act (“DPA”), so if you’ve got a grasp of the requirements under the DPA then that’s a good starting point!
In terms of what you can be doing now:
• Check out the Information Commissioner’s Office’s microsite www.dpreform.org.uk where you will find the ICO’s GDPR’s guidance (this we think is excellent and explains things very well).
• You need to understand what personal data your business uses, where it came from and how you use it. So carrying out a data protection audit is advisable which can help guide your business on what it needs to focus on. For example, the requirements for consent are stricter under the GDPR’s, which will have a large impact on some areas such as marketing communications.
• One of the key themes running throughout the GDPR’s is accountability. We take this to mean that businesses must have documented decisions, practices and policies in place. Your company’s current data protection practices and policies may be a good starting point although they are likely to need reviewing and building on.
• Get knowledge in your business! It’s important that you don’t develop a GDPR’s compliant set of policies and procedures which then just sit on a shelf – your staff who handle personal data as part of their role should understand what it is they need to be doing.
• Review your contracts. Responsibilities under the GDPR’s have changed, and this will impact on what your contracts need to say about data protection.
Should you need any further help or guidance please email email@example.com or call us 01202 729444.