GDPR is a European regulation which comes into force on 25th May 2018. Despite our intention to leave the EU, this regulation will be adopted into UK law and will continue to be in force after we leave.
GDPR affects every organisation regardless of size and type; any organisation storing personal data (even just an email address, telephone number or name), whether in a paper filing system or electronically, is required to comply.
If you have read anything about the new regulation or attended a seminar recently then you’re no doubt bewildered by the vast content and at a loss as to what you can do to comply.
A recent study has shown that less than 12% of UK business managers or directors say they fully understand what GDPR involves.
The new law is about greater transparency, enhanced rights for citizens and increased accountability.
You must ensure you have a lawful basis for processing personal data - why do you need it and what are you going to use it for?
Consent must be given and you must be able to prove it - consent offers people genuine choice and control over how you use their data.
For the first time, GDPR will bring in special protection for children's personal data.
Once GDPR comes into force, any organisation that doesn't comply will be breaking the law.
Fines from the ICO will be issued in two tiers depending on the type of breach.
The top tier is applied if sensitive data is breached, if the company is reckless with data or they don't co-operate.
The GDPR is being policed on two fronts;
Since June 2017 we have been conducting a series of seminars to help you understand what your organisation must do and give you a clear plan of what you need to implement - look out for our next seminar and make sure you secure your place!