Get ready for the new data protection rules

12th September 2017

The government is to introduce new data protection rules under the General Data Protection Regulation (GDPR), which takes effect from 25 May 2018.

Under the GDPR, businesses will have increased obligations to safeguard the personal information of individuals which is stored by the business. These rules apply to the information of customers, suppliers or employees. Generally, if you are currently caught by the Data Protection Act, it is likely that you will have to comply with the GDPR.

GDPR will apply to data ‘controllers’ and ‘processors.’ Processing is about the more technical end of operations, like storing, retrieving and erasing data, whilst controlling data involves its manipulation in terms of interpretation, or decision making based on the data. The data processor processes personal data on behalf of a data controller. Obligations for processors are a new requirement under the GDPR.

The GDPR applies to personal data, which is defined more widely than under the Data Protection Act (DPA).

One key change to the current DPA rules is that those affected will have to show how they have complied with the rules. Proof of staff training and reviewing HR policies are examples of compliance.

Under GDPR, higher standards are set for consent. Consent means offering people genuine choice and control over how their data is used.

Overall, the aims of GDPR are to create a minimal data security risk environment, and to protect personal data to rigorous standards. For most organisations, this will entail time and energy getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority. In practice, this means things like ensuring active opt-in, rather than offering pre-ticked opt-in boxes, which become invalid under the new rules.

Organisations will also have to think about existing DPA consents. The ICO’s advice is that:

‘You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.’

Where current consents do not meet the new GDPR standard, action will be needed.

The fines for non-compliance are severe, at up to 20 million euros or 4% of total worldwide annual turnover (if higher).

The Information Commissioner’s Office (ICO) has published some very useful information and a 12-step planning guide to help organisations get ready ahead of the May 2018 deadline.

For further information and advice, get in contact with our team at Decisive:IT, who can offer practical advice and take you through the steps you need to take to ensure you are compliant with the upcoming GDPR changes.

Other helpful links: ICO getting ready GDPR 12 steps.pdf
