Get ready for the new data protection rules

12th September 2017

The government is to introduce new data protection rules under the General Data Protection Regulation (GDPR), which takes effect from 25 May 2018.

Under the GDPR, businesses will have increased obligations to safeguard the personal information of individuals that they store. These rules apply to the information of customers, suppliers or employees. Generally, if you are currently caught by the Data Protection Act, it is likely that you will have to comply with the GDPR.

GDPR will apply to data ‘controllers’ and ‘processors.’ Processing is about the more technical end of operations, like storing, retrieving and erasing data, whilst controlling data involves its manipulation in terms of interpretation, or decision making based on the data. The data processor processes personal data on behalf of a data controller. Obligations for processors are a new requirement under the GDPR.

The GDPR applies to personal data, which is defined more widely than under the Data Protection Act (DPA).

One key change to the current DPA rules is that those affected will have to show how they have complied with the rules. Proof of staff training and reviewing HR policies are examples of compliance.

Under GDPR, higher standards are set for consent. Consent means offering people genuine choice and control over how their data is used.

Overall, the aims of GDPR are to create a minimal data security risk environment, and to protect personal data to rigorous standards. For most organisations, this will entail time and energy getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority. In practice, this means things like ensuring active opt-in, rather than offering pre-ticked opt-in boxes, which become invalid under the new rules.

Organisations will also have to think about existing DPA consents. The ICO’s advice is that:

‘You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.’

Where current consents do not meet the new GDPR standard, action will be needed.

The fines for non-compliance are severe, at up to 20 million euros or 4% of total worldwide annual turnover (if higher).

The Information Commissioner’s Office (ICO) has published some very useful information and a 12-step planning guide to help organisations get ready ahead of the May 2018 deadline.

For further information and advice, get in contact with our team at Decisive:IT, who can offer practical advice and take you through the steps you need to take to ensure you are compliant with the upcoming GDPR changes.

Other helpful links: ICO getting ready GDPR 12 steps.pdf



 