Regulatory Compliance GDPR: TOP 10 TIPS
First of all, what is GDPR?
The General Data Protection Regulation (GDPR) is a regulation that the European Parliament, the Council of the European Union and the European Commission have all ratified, and which is intended to strengthen and incorporate data protection for all individuals within the European Union. It is due to come into force on 25th May 2018, and you will need to know how it affects you and/or your business.
You will need to know whether the GDPR actually is relevant to you and your business. It will apply to ‘controllers’ and ‘processors’ of data. A data controller determines how and why personal data is processed, while a processor is the party doing the actual processing of the data. So the controller could be any organisation, from a profit-seeking company to a charity or government. A processor could be an IT firm doing the actual data processing. Even if controllers and processors are based outside the EU, the GDPR will still apply to them so long as they’re dealing with data belonging to EU residents. The controller must ensure that the processor abides by the GDPR, and the processor must itself ensure that it abides by the GDPR.
You need to make sure you and the decision makers / influencers in your company / firm are aware of the GDPR and what it means. Employees should also be made aware of the GDPR and of their obligations in relation to the data they are privy to.
You need to start to gather and collate the data you have on your records: where it came from and why you have it. You should organise an information audit, and this should be done as soon as possible. You’ll have to set aside time to do this on top of your normal duties, as it could be quite a time-consuming task.
You should review and amend, if necessary, your privacy notices. For example, on your email footers, websites and external correspondence. Likewise, you should be considering the privacy notices of third parties that you correspond with – do they have privacy notices? Are you satisfied that you can provide data lawfully to them?
You should review and amend, if necessary, your privacy procedures, for example how you delete personal data or how you provide it. How is your data going to be collated?
Know the law
You need to be aware of and understand the legal basis for your data processing and gathering. A solicitor can review the law and advise you how it relates to your business. Furthermore, you will need to be aware of what a breach of data protection can lead to. Fines for the most serious of breaches can be up to 4% of the annual worldwide turnover of your business or 20 million euros (whichever is higher).
You should review how you seek, record and manage consent and whether you need to make any changes. You need to check whether your current practices meet the GDPR standards. The parties giving you consent will need to be properly advised of what they are consenting to, and proper authorities and mandates may need to be carefully re-drafted and reviewed. A solicitor will be able to draft disclaimers / mandates / authorities and provide you with advice.
Children / Minors
If your company deals with the data of children / minors, you will need to review and consider the procedures in place for verifying ages and obtaining parental or guardian consent for any data processing activity.
Consider your procedures in place to detect, report and investigate a personal data breach. Employees will need to be properly briefed and made aware of whistle-blowing policies to report any breaches.
Data Protection Officer
You need to consider if you require a Data Protection Officer and if so, where they will sit in your firm’s structure and the practicalities of their role.
International and Brexit
If you carry out work outside the EU, you’ll need to check and consider your lead data protection supervisory authority. Furthermore, if your business operates within the UK or with UK businesses, you’ll need to consider and be aware of the corresponding UK Data Protection laws post-Brexit and the implications of operating across the UK / EU border.
Fortunately, there is help at hand from Monarch Solicitors. We specialise in commercial and business law and are dedicated to ensuring that our clients are well informed. We will advise you of the law, your duties and rights and how it applies to you practically in a straightforward and professional manner.
If you are facing any kind of GDPR or regulatory dispute please contact our Regulatory Compliance solicitors in Manchester on 0161 820 8888 and solicitors in London on 0208 889 8888 for immediate assistance.
Don’t wait until it is too late.