THE GDPR: ARE YOU COMPLIANT?
From 25 May 2018 new EU rules on the collection and storage of personal data come into force. The General Data Protection Regulation (GDPR) replaces the Data Protection Directive of 1995, and with the new rules come heightened risks and challenges for businesses.
- The GDPR was developed over four years
- The GDPR will apply from the 25th of May 2018
- It will be directly applicable in all EU Member States
- The GDPR will have an immediate effect
- Significant fines can be imposed on those in contravention. The GDPR enables the ICO (Information Commissioner’s Office) to impose fines of up to 2% or 4% of annual worldwide turnover (or €10 million or €20 million, whichever is higher), depending on the infringement
- The UK Government has signalled that it intends to continue to apply the GDPR post Brexit
WHO IS AFFECTED?
Your organisation will be affected if:
- It is established in the EU and processes data in the context of that establishment
- It is not established in the EU but monitors the behaviour of individuals in the EU
- It is not established in the EU but offers goods or services to data subjects in the EU
The ICO has recently focused on charities and imposed fines for practices such as ranking donors by wealth without their knowledge, hiring third-party organisations to collect additional data on individuals, and sharing data with other charities.
The overarching key principles of the GDPR sit above the detail and include:
- Lawfulness, fairness & transparency
- ‘Data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject’
- Purpose limitation
- ‘Data shall be collected for specified, explicit and legitimate purposes and not further…’
- Data minimisation
- ‘Data shall be adequate, relevant, and limited to what is necessary for the purposes for which they are processed’
- Data accuracy
- ‘Every reasonable step must be taken to ensure that personal data that are inaccurate…are erased or rectified without delay’
Consent is a much trickier issue under the GDPR. You must now be able to demonstrate clearly that consent was freely given, specific, informed and unambiguous. The request for consent must be clearly distinguishable from other matters, intelligible, easily accessible and written in clear, plain language.
- It must be as easy to withdraw consent as it was to give it
- Parental consent is required where information society services are offered directly to children under the age of 16 (Member States may lower this threshold to no less than 13)
- You cannot rely on pre-ticked boxes or silence
The GDPR also requires data controllers to be able to demonstrate compliance. This means keeping records of all data processing activities, conducting data protection impact assessments, building in privacy by design and by default and, in certain circumstances, appointing a Data Protection Officer.
HOW SHOULD YOU PREPARE?
The ICO has collated useful information on its website that businesses can access and download to ensure they are taking the steps necessary towards compliance.
Below are several resources that will get you started:
- Getting Ready Checklist
- ICO Advice Service for Small Organisations
- ICO GDPR guidance for Not For Profits