7th February, 2018
Is your business GDPR ready?
Data security is EVERY business’s business!
What is the GDPR?
The General Data Protection Regulation (GDPR) is a binding legislative act from the European Union for the protection of personal data. The Regulation tackles the inconsistent data protection laws currently existing throughout the EU’s member states and facilitates the secure, free flow of data.
Why do you need to know about it?
Since April 2016, businesses have been preparing for the legislation coming into effect on 25th May 2018. Although we are in the process of leaving the EU, working towards GDPR compliance remains crucial.
If you fail to comply with the Regulation, you could find yourself being fined up to 4% of your company’s global annual turnover and your reputation damaged beyond repair.
- If you want to use someone’s personal data, they must give you ‘explicit consent’ to do so. This means no pre-ticked opt-in boxes by default. The individual must always have chosen to tick the box themselves.
- If you want to use an individual’s personal data for multiple purposes, they must give consent for each, separately.
- Whether you are the data controller or processor, you must always record who gave consent, when, how, and what the interested parties were told.
- You must not use any confusing language. It must be easy for individuals to understand what they’re giving their permission for, and just as easy to withdraw permission at a later date.
- You must not bundle your consent request with your standard terms and conditions.
What should you be doing now?
- Do your consent processes meet GDPR standards? Carry out a thorough review of existing consent processes and assess whether they meet the Regulation’s requirements. If they do, there is no need to request consent from the subject again.
- If you are working with any third parties who will also need to use the individual’s personal data, the data subject must give their consent for this too.
- Start working towards making it as easy as possible for individuals to give and withdraw their consent.
- Keep thorough records of consent processes as evidence.
- Monitor your consent processes to keep them up to the GDPR standard by building regular reviews into business practices.
There are many useful webinars, seminars and much, much more to get you and your business ready for GDPR – research now and find out what you need to do to become compliant before the deadline approaches.
Do not forget about our AAA (all about accounting) app for regular news updates!
**Disclaimer: The information in this article is for your general guidance only and is not and shall not constitute legal advice. If you need advice on your rights or responsibilities or any legal advice around data protection matters, please obtain specific legal advice and contact an adviser or solicitor.**