GDPR: How to prepare your business

There has been much uncertainty, due to Brexit, about how and whether businesses in the UK will be affected by the General Data Protection Regulations, known as GDPR. It has now been confirmed that it will be adopted on 25 May 2018, and organisations must implement any necessary changes to ensure compliance by then.

The GDPR seeks to introduce higher and more stringent regulations upon those who hold and process personal data.

Awareness and impact

One key change introduced by the GDPR is that organisations will need to demonstrate awareness of the changes and their likely impact. How individual businesses will be affected will depend on the type of business – therefore getting legal advice on what your business needs to do and how to demonstrate compliance is key.

Review privacy notices to ensure they cover the following areas:

  • the legal basis for processing data;
  • data retention periods; and
  • the right to complain to the ICO.

It may be that you need specific privacy notices for different types of data subject.

Subject access requests

Implement a procedure for dealing with subject access requests. Some aspects of the process, such as the time to respond to subject access data requests, are mandatory, and your procedure should therefore reflect this.

Data breaches and sharing

Under GDPR, all organisations will have a duty to notify the UK Intellectual Property Office (IPO) of data breaches and where data is shared with third parties. The data sharing agreement will need to allocate responsibility as to who needs to inform the IPO of breaches in respect of third-party data.

Karen Edwards, Solicitor and Associate in the Commercial Team, says it is vital that the regulations are adhered to for all types of business. She explains: “The penalty for failing to adhere to the regulations could potentially be up to £500,000. Bearing the cost of a fine of that scale could be severely detrimental to any business. Please speak to us if we can help advise your business on GDPR compliance.”

Our Commercial Team is happy to discuss any issues that this raises for your own business. If you have any questions, you only have to ask us at Frettens. Please call 01202 499255 and Karen or a member of the team will be happy to chat about your situation and your particular requirements.