General Data Protection Regulations

The law around Data Protection and Information Security is changing. New UK legislation on the General Data Protection Regulation (GDPR) is gaining increased publicity and will come into force in May next year.

Why is it so important, you may be wondering? Well, it is being highlighted as a piece of legislation that ALL businesses will have to implement in one way or another, hence the amount of information being distributed by lawyers, professional bodies and the Information Commissioner. It is as wide-reaching as the recent pensions campaigns but not yet as high-profile.

The new legislation basically makes most provisions regarding Data Protection and Information Security obsolete at a stroke, and businesses need to be prepared for those implications. For example, any “blanket clauses” you have used to get permissions from customers and/or employees relating to their personal data will need to be revisited. This includes medical information, bank details, personal information, payroll and absence data, customer databases and most other information you hold on customers/employees on any recognised system, whether electronic or manually filed. Basically, there is very little in the way of data that is not going to be covered by the new GDPR, and enforcement and compliance are going to be more stringently applied.

The new regulation is effectively saying that information is the property of the individual and any business that uses it has to have express permission to do so and demonstrate that it is protecting that property to the best of its ability.

One of 12 steps that the Information Commissioner suggests all businesses undertake is an Information Audit, and this might be a good place to start. Organisations need to know what data they hold, where it is and why they have it. Once those key questions are answered, the organisation can plan how it aims to comply with the legislation, which will come into force on 28 May 2018.

We can help you understand your responsibilities and work towards compliance too. If you would like to discuss this further, please let us know.