Have you caught the eye of the tiger?

Jeremy Holt
Partner
21st July 2017

There is a tiger that is currently stalking British business. The world is divided into those who know about the tiger and are taking appropriate action, and those who do not and who are very likely to attract the eye of the tiger. If they get this wrong, not only do they face enormous fines of up to €20,000,000, but they also face customer embarrassment in being obliged to write to those whose personal data has accidentally been leaked to third parties. They can also be responsible to such people for any financial loss they may suffer. The tiger concerned is the General Data Protection Regulation (“GDPR”), which comes into force next year and completely replaces the existing Data Protection Act. All current commercial contracts that last beyond May 2018 need to take GDPR into account.

If this were a thoroughly boring article about GDPR, there would now be a section on the increased obligations of data processors, plus a list of the different notifications that would need to be given to data subjects before the collection of their personal data. This is not one of those articles. Suffice it to say that every business will need to look at what personal data it holds and take advice from a skilled professional on how to comply with the new rules. The checklist below may help you to avoid being spotted and eaten by the tiger.

Checklist for preparing for GDPR:

A. What personal data do you currently hold within the organisation? NB this could relate to customers, suppliers, staff or people on your contact database.

B. How did you get that personal data and on what basis was it given to you?

C. Do you hold such data as either data controller or data processor?

D. What do you do with that data?

E. What security arrangements do you have around such data?

F. What arrangements do you have to keep that data up to date?

G. What arrangements do you make for the deletion of personal data when it is no longer required?

H. What data do you give to third parties? (e.g. staff data to your payroll company)

I. Where (geographically) are such third parties?

J. Who is in charge of data protection in your company?

K. If you buy in marketing information containing personal data, on what terms did you get such data?

Visit the Business West General Data Protection Regulation (GDPR) page if you would like more information about how it will affect your business.
