Businesses have been urged to prepare for the introduction of the new General Data Protection Regulation (GDPR), which will impose new requirements on all organisations that collect, store and process individuals’ personal information, with significant financial penalties for non-compliance.
The new GDPR places an increased emphasis on accountability and transparency, and businesses should ensure that they have up-to-date records relating to the personal data that they hold, including where the data came from and who it has been shared with.
Businesses are also advised to review any privacy notices they have in place and, where necessary, make sure that these are amended in time for the implementation of the new GDPR, which comes into effect in May 2018.
Organisations must also identify their ‘lawful basis’ for processing activity under the GDPR, record this and update their privacy notices accordingly. The GDPR will modify some of individuals’ rights, depending on the lawful basis. If you use consent as your lawful basis for processing, clients will have a greater right to have their data deleted, if they so wish.
Businesses must also ensure that adequate security systems are in place to protect data, and to detect, report and investigate any data breaches.
Commenting on the new GDPR, David Riches from the British Chambers of Commerce (BCC) said: ‘Businesses need to be proactive about ensuring they are ready for the new data protection regulations when they come into force [in May 2018] and not leave preparations until the eleventh hour’.
For more information on the GDPR and how your business can prepare for its introduction, please visit the Hot Topics section of our website.