If you are a business that gathers and uses the personal data of your customers, clients, suppliers or staff, then you need to know that the law on how you manage and use personal data is changing.
The existing Data Protection Act 1998 (DPA) will no longer exist as of 25 May 2018. It is being replaced by the General Data Protection Regulation (GDPR for short). GDPR came into force in May 2016 but does not become directly applicable until 25 May 2018. A 2-year transition from the old law to the new was put in place so that all businesses could review and update their data protection business processes and be fully compliant with GDPR from day 1.
This is one of the biggest changes in data protection law in the last 20 years and brings how we use personal data into line with today's modern and much-evolved technological society. When the DPA came into force, who had heard of social networking, smartphones or tablets? GDPR makes several changes to how we use personal data and tightens the requirements on what a business can and cannot do with it. It also strengthens the rights of individuals.
If you have not started to review your data protection compliance, then it is very important that you make a start sooner rather than later. You have already lost 8 months, and this is valuable time. Most businesses will need to make some changes to their data protection business processes, and the sooner you can start to do this the better.
A good starting point is to review your compliance with the current legislation and identify where you are currently non-compliant. Putting it bluntly, if you are non-compliant with the existing DPA you will definitely be non-compliant with GDPR! These non-compliances with the DPA can be addressed and urgent action taken to rectify them so that you become fully compliant with existing law. Remember that you need to remain compliant with the DPA for the next 16 months; otherwise you are in breach of this law, and the UK Regulator (the Information Commissioner's Office) can and is likely to take enforcement action against you, which includes monetary fines of up to £500K.
Once you are fully DPA compliant (if you are not already), you need to look at the gaps between where you are now and full GDPR compliance for your business. This will mean reviewing the changes between GDPR and the DPA and identifying any non-compliances relevant to you and your business. If you start to review these changes soon, i.e. within the next few months, and draw up a full list of recommendations of what you need to do, you will still have a year left to implement those recommendations. Remember that some actions will take a long time to implement, so you will need plenty of time to do the work.
I will be putting information on my website over the coming months on what the GDPR changes are and how this may affect your business.
If you are unsure about reviewing your data protection compliance and making the necessary changes to be GDPR compliant, then it is best to use an expert to do this for you, as it will save you time and money, which, as you know, is valuable to any business. Dunwell Data Protection is an expert in the field of data protection law and is here to help make your life easier, rather like your accountant who makes life easier by sorting out your tax return! Samantha can be contacted on 07534 258800 to discuss your data protection compliance requirements.