Call us on
0370 1500 100
All businesses that use personal data have until 25 May 2018 to comply with the new General Data Protection Regulation (GDPR) legislation. Non-compliance can lead to potential fines of up to €20 million or 4% of annual worldwide turnover, whichever is bigger.
The GDPR requires businesses to carry out a root and branch review of how they collect and use personal data. Doing nothing is not an option and the sooner you start the better. May 2018 may sound a long way off but the scale of the reforms means that you need to deal with the issues sooner rather than later.
Are you ahead of your competitors or lagging behind? We surveyed business leaders around the country to learn what they knew about GDPR and what preparations they were making.
Not only can the Data Protection experts at Irwin Mitchell help your business meet the compulsory 2018 GDPR deadline and avoid fines, but can also help you reap the rewards of compliance. The three key rewards of getting your personal data compliant are:
Complying with the GDPR deadline, of 25 May 2018, is not optional. All businesses that use personal data need to comply and cross the May 2018 GDPR finish line. Brexit and the triggering of Article 50 will not affect this deadline. The Government has already made it clear that even though the GDPR is European legislation it will still take effect in the UK after Brexit.
Whilst May 2018 is a key date, compliance does not stop there. It is an on-going process and you need to continue with your compliance regime.
Knowing what challenges and hurdles you face is essential for achieving compliance. You need to understand where your compliance currently stands and how big a hurdle you face.
Some of the main changes businesses must prepare for before May 2018, are:
Individuals can require you erase their personal data from your systems. Whilst you need to have a process to action this, the right is not as wide ranging as you might think. You need to understand its scope, what your obligations are and how you need to reply to requests.
Individuals already have a right to access their data you hold. This right will be extended. Additional information will need to be provided and generally in a shorter timescale. You also won’t be able to charge a fee.
Data breaches which impact on privacy will have to be notified to the ICO and individuals affected within 72 hours of it happening. Breaches can range from a customer database being hacked to putting a letter in the wrong envelope. You will need to monitor your systems to know whether or not there has been a breach.
You need to be open with individuals about what data you are collecting and what you are doing with it. Fair processing notices and privacy policies need to be updated.
Not all use of personal data needs consent. If you do rely on consent then your consents need to be looked at. Consent will be harder to obtain and maintain under GDPR.
We understand that achieving GDPR compliance may seem overwhelming. Every business is unique and so a one size fits all approach won’t work. We have specialist lawyers who are already advising businesses on how to become compliant. We will work with you to understand what your business needs are and agree a pathway to compliance.
In view of the potential fines you need a true specialist to help you navigate through to compliance. General advice in this area will not be enough. GDPR compliance should be treated like a marathon, not a sprint, and compliance requires long term planning and preparation.
Don’t leave compliance to the last minute. Get in touch with one of our Data Protection experts today. We’ll be with you every step of the way.
Find out more about GDPR
Request a call back
Enter your details below and we'll call you back, at a time of your choice.