GDPR came into force on the 25th of May 2018
If you are one of the 75% of companies that have not yet addressed the requirements, then you probably fall into one of the following categories:
a) You think you are not affected by it and don’t have to act accordingly.
b) You are terrified of it and are thinking it will be ok if you just tidy up your data.
c) You know you need to do something but it can wait. After all, you have a business to run and get on with.
d) You think it will all go away because we are leaving the EU and EEA. (The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.)
e) All of the above!
Alarm bells are ringing in many business owners’ minds today, anxiety plaguing their thoughts with questions such as “What do I need to do?”, “Whom do I need to contact?” and “Where on earth do I start?”
Elizabeth Denham, the Information Commissioner of the Information Commissioner’s Office (ICO), has issued two important words of advice: “Don’t panic!”
But the leniency won’t last forever and ALL businesses need to be set up to comply with the regulation.
This standard applies to all organisations who are ‘controllers’ and/or ‘processors’. The definitions are broadly the same as under the Data Protection Act – i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the Data Protection Act, it is likely that you will also be subject to the GDPR.
If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR.
However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
GDPR pages courtesy of Tim Cobley