6th November 2017 Posted by - Alexander Accountancy
Are you preparing for the General Data Processing Regulations
You need to make sure your decision makers and the key people in your organisation are aware the law is about to change. They need to appreciate the impact this is going to have and the areas that can cause compliance problems. Implementing GDPR could need a considerable commitment of resources so is best planned for well in advance with immediate emphasis needing to be placed on “Housekeeping” with regard to existing records, “Onboarding processes” for how new information is recorded and used, “Prospecting processes” showing that cold contact data has been obtained legally and “The Right to be Forgotten” covering the disposal of data that the subject can require to be done.
Four Key Elements
Lawful purpose for processing Personal Data – you need to be able to identify a lawful basis for your processing of personal data, document it and update your privacy notices that explain it.
Consent to hold and process Personal Data – you should review how you seek, record and manage consent. You need to refresh any existing consents you think you may hold and include a written audit trail to prove all the consents you hold are genuine.
Data Breaches – you need to make sure you have procedures in place to detect, report and investigate a personal data breach. You need to have the systems and processes in place that can minimise the effects of any personal data breach.
Data Protection Officers – if required you need to designate someone to take responsibility for Data Protection Compliance. And you need to know where the role sits within the organisations governance and management structure.
Things to think about NOW!
The “General Data Protection Regulations” are going to happen. It will not change when the UK leaves the EU, it will affect almost every business and it will not go away if you ignore it. It will come in to full effect from 25th May 2018, and it will take months to be properly prepared for it.
Everyone in your business needs to be aware of how it affects them, the job they do and the way the business is run. Do you need to set up a steering group, have you included the key decision makers, have you included everyone that regularly deals with Personal Data?
Legal Services – your legal provider should be able to advise you on all the aspects of getting ready for GDPR. And it would be a lot better, and more cost effective, to use their services to prepare in advance rather than hoping they can dig you out later.
Information Commissioners Office – is where it all will be run from and they can be a great source of advice. If you are seeking advice locally there are free and low cost events that can be sourced through Burton District Chamber of Commerce, Burton Business Club and other local groups.
If you want legal advice on this we are aware that Adam Gilbert of Else Solicitors in Burton is one of the local experts holding workshops on this subject.
Still not sure?
If you are unsure of what to do next Alexander Accountancy can offer general advice on this subject and a little practical help. But if you want advice on who we believe is the expert you should talk to, please email da***@al*******************.uk or telephone Burton upon Trent 01283 743851
