What is the General Data Protection Regulation (GDPR) and do I need to worry about it?
A recent survey shows that the majority of businesses are unaware of the new ‘General Data Protection Regulation’ (GDPR) requirement that is likely to affect most UK-based businesses. If you have not heard of GDPR or have little knowledge of the issue, please ensure you read below, as every organisation should be aware of GDPR and the huge fines for data breaches it carries – up to 4% of annual global turnover or €20m (£18.4m), whichever is greater.
‘General Data Protection Regulation’ is coming, is your business ready?
As of 25th May, GDPR will come into force across the EU, including the UK, and will be a game-changer in how companies store, secure and manage personal data. This will affect anyone storing personal data such as a name, home address, email address, bank details, updates on social networking websites, location details, medical information, or a computer IP address. All of this information is highly important for any business that carries out marketing. If you are not doing so already, your business needs to start putting plans in place now if it is to meet the 25th May 2018 deadline.
What should my business do to ensure it is compliant?
There are many sources of help, including courses and workshops on this topic offered online; however, our research has concluded that there are 4 main stages that should be focused on for implementation:
Stage 1 – Think about personal data in your business, in particular:
- what personal data does your business hold and why?
- where does this personal data come from?
- who do you share it with?
Stage 2 – Internal policies and procedures should be implemented and documented, setting out guidelines for the points in Stage 1 and demonstrating how your company is in compliance.
Stage 3 – Designate a ‘Data Protection Officer’ who instils a culture of compliance in your company and ensures you are actually complying at all times. This is only a specific requirement for companies with more than 250 employees; however, you will need someone to take responsibility for this.
Stage 4 – You will have to have explicit consent to contact individuals for anything outside of your normal transactions, such as marketing calls. The consent tick boxes cannot be pre-filled and have to be a positive answer. From 25th May, if you do not have explicit consent to contact an individual, you will be in breach of GDPR.
The most reliable and comprehensive guidance on the scope and effect of the new rules is published by the Information Commissioner’s Office at
The Institute of Chartered Accountants in England and Wales (ICAEW) has also published an overview of the General Data Protection Regulation, which provides helpful guidance on the changes.
We realise the complexity of this issue, and GDPR will affect some more than others; however, if you require further assistance, please do not hesitate to contact us.