The GDPR is an EU regulation that takes effect on 25 May 2018 and will replace the existing Data Protection Act (DPA) 1998.
GDPR relates to personal data and the way that it is collected, stored, shared and processed.
Given the huge advances in technology and increase in both the use and methods of storing and processing personal data, the GDPR is considerably wider in scope and application than that of its predecessor.
The GDPR applies to any organisation offering goods or services to data subjects in the EU, or monitoring their behaviour (to the extent that the behaviour takes place within the EU). Even the smallest businesses holding minimal personal data will have to comply with the GDPR, and organisations that store and manage vast volumes of data will face an extremely onerous compliance burden under the new regulation.
The introduction of the GDPR will inevitably change the landscape for businesses that process personal data. For the most serious cases of non-compliance, a breach of the new, tighter GDPR rules could result in a business being fined up to 4% of its total annual worldwide turnover or €20 million, whichever is higher.
What your business needs to do
In order for your business to comply with the regulation by 25 May 2018, you will need to ensure that you have the systems and processes in place to demonstrate that you are collecting, storing, sharing and processing personal data falling within the scope of the GDPR in a compliant manner.
In order to be GDPR ready, your business needs to, at a minimum, commit to the following:
| Area | What is required |
|---|---|
| Senior Management | Senior management need to be acutely aware of the importance of the GDPR. Both resource and budget should be assigned to overcoming the GDPR compliance hurdle. |
| Full data audit | Where and how is your current data collected, stored, used and transferred? What are your current data governance processes and methods? |
| Gap analysis | Where are your areas of high risk and pitfalls? Are you cyber secure? |
| Remediation | What do you need to remedy your gaps and risks? Investment in software? New procedures? New data storage? |
| Documents | Internal and external policies, agreements, contracts and terms and conditions to be reviewed and revised. |
| Disaster proofing | What will you do if there is a data breach, and how will you manage this process? |
| IT & Software | Are your IT systems and procedures for data handling compliant? What are your risks? What new software do you need to invest in, and how will this integrate with existing systems? |
| Ongoing compliance | How will you monitor and enforce ongoing compliance with the GDPR? |
With finite resources and without external support, businesses could find themselves paralysed by the scale of the project required to become GDPR compliant.
How we can help your business
Our bespoke GDPR team has years of experience advising and consulting on matters relating to data protection, privacy, risk, security and breach. Our lawyers have regularly provided businesses with data protection strategies and data mapping in order to comply with UK and EU regulations.
The team's aim is to provide clients with added value through the provision of clear, pragmatic and practical legal advice. Our lawyers are adept at assessing a business's risk of regulatory non-compliance and advising on swift remedial action where needed.
Some of the services we can provide include:
- Risk/Gap analysis
- Information sharing and inventory production
- Drafting of policies and contracts
- Disaster / breach proofing
- Ongoing training and support