Macdonald Henderson Solicitors

You are in: HomeNews › GDPR – Are you ready? - 9th January 2018

GDPR – Are you ready? - 9th January 2018 - Click for larger version GDPR – Are you ready? - 9th January 2018

The new European General Data Protection Regulations (GDPR) is due to take effect from May 2018. There has been much spoken and read about the impact of the new regulations

These new regulations are set to overhaul the existing data protection regime and will make businesses more accountable as to how they use personal data.

Below is a summary of some key updates that the GDPR will implement which will be significant for UK businesses:-

Complying with the GDPR is not a choice – it is mandatory.

The new regulations will affect all businesses that process personal data and they will require to comply with the GDPR as they process such information about their employees, customers, clients and suppliers.

The GDPR directly regulates "data processors" for the first time. Please note that “data controllers” will continue to be regulated.

Organisations will require to tell individuals more about why they are using their information and how they are using it – as well as what rights individuals have in respect of the data held.

There will be potential fines imposed for non-compliance of up to 20 million euros or 4% of annual worldwide revenues, whichever is greater.

The GDPR implements new rules for obtaining consent to process data – businesses should review whether their documents and forms of consent are adequate, and check that consents are freely given, informed and specific.

The GDPR requires that businesses will have to report breaches to the ICO that are likely to harm individuals within 72 hours.

In some cases, businesses will be required to appoint a Data Protection Officer to comply with the GDPR.

Data protection considerations should now be taken into account from the outset of designing a new process, product or service, rather than dealing with it as an afterthought.

Businesses are encouraged to plan now for the implementation of the GDPR. The deadline for GDPR compliance is 25th May 2018 – so are you ready? Many of the changes imposed by the GDPR will require substantial lead time, so it is important for businesses to plan.

It will be difficult to plan remediation without first conducting an audit and establishing your requirements for compliance. It is also highly recommended to keep a record of what you have done for compliance in terms of an audit.

Macdonald Henderson have been working closely with Cohesion Digital Limited, an eCommerce services company, in respect of their processes in undertaking an audit to establish what steps they require to take to ensure compliance with the new GDPR.

Alistair Macneil, Managing Director of Cohesion Digital has kindly prepared a blog highlighting the processes of his internal audit and the outcomes. Alistair’s blog can be found through the following link: https://www.cohesiondigital.co.uk/organisations-counting-gdpr/.

Key Points of Action:

Audit and document the personal data your business holds, and in particular note where it was obtained, who you share such data with and how long has the data been held by your business.

Question whether your business requires to hold such data.

Ensure mechanisms are in place which allows only for personal data that is required for a specific purpose to be processed and that data is stored for no longer than necessary.

Review all privacy notices used by the business and put in place a plan for changing these notices to comply with the GDPR.

Review all employment policies in respect of data protection and put a plan in place for changing these policies to comply with the GDPR.

Introduce training for employees to ensure all employees are aware of the GDPR compliance that they must follow.

Review of your commercial contracts – do your contracts require to be updated to consider the new data processing obligations.

Ignorance is no excuse...make sure you don’t get caught out!

For further information generally on the new GDPR please see the ICO published guidance which can be found at https://ico.org.uk/for-organisations/data-protection-reform/.

For further information on the implementing an audit for your GDPR compliance please contact Alistair Macneil on 0141 249 0641 or hello@cohesiondigital.co.uk.

For further information on the policies, procedures and contractual amendments required to assist with compliance with the GDPR please contact Laura Forrest on 0141 248 4957 or laura@macdonaldhenderson.co.uk.

Last updated: 3.45pm, Tuesday 9th January 2018

Latest News and Events

Macdonald Henderson has advised Law At Work (LAW), in its acquisition of Aberdeen-based HR and employment law firm, Empire in a deal which creates Scotland’s leading consultancy in employment law, HR, health and safety.
Macdonald Henderson is pleased to continue its association with Business Insider magazine this year. This month’s advert (below) draws attention to some terrific results for our firm in 2017/18.

Meet the Team at Macdonald Henderson