I am sure you have seen lots of talk about GDPR recently and have started to receive emails about it from the various businesses and organisations you subscribe to. However, there is still some confusion over what you actually need to do and what you are already doing. Here are the questions I get asked about the most.
- When does GDPR begin? GDPR applies, and is enforceable, from 25th May 2018.
- Does Brexit mean it no longer matters? No, GDPR still matters. The UK is implementing a new Data Protection Bill which contains most of the GDPR provisions. There are some minor differences, but our law will be essentially the same.
- Will my company be impacted? Yes. All organisations that are controllers or processors of personal data are covered by GDPR. If you are currently subject to the Data Protection Act (DPA) then it is highly likely that you will be subject to GDPR.
- What is different about GDPR? There are 99 articles setting out the rights of individuals and the obligations placed on organisations covered by the legislation. These include easier access for individuals to the information held about them, a clear responsibility for organisations to have a lawful basis for processing personal data (where that basis is consent, the consent must be freely given, specific and clearly recorded) and a new regime of fines, with maximum penalties of €20 million or 4% of worldwide annual turnover, whichever is higher.
- Who is responsible for GDPR in the UK? Data protection policy and legislation sit with the Department for Digital, Culture, Media and Sport (DCMS). The department is responsible for ensuring that UK law is compliant, but it will not oversee the day-to-day operation of GDPR once it applies.
- Who will oversee GDPR in the UK on a day-to-day basis? The ICO (Information Commissioner's Office) is the UK supervisory authority. It is responsible for enforcing GDPR and has the power to investigate organisations, issue enforcement notices and fines, and prosecute certain data protection offences.
- Do I need to worry about GDPR? Not unduly. If you have been complying with current data protection legislation you will probably find that you do not need to change a great deal. The key is to make sure that you understand what GDPR requires of you and check that you have processes in place (knowing what personal data you hold, why you hold it and how you would respond to a request from an individual) so that you stay compliant when GDPR comes into effect. You can find the ICO guide to GDPR here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr
So, in summary, you need to check that you have the systems and processes in place to remain compliant. There is plenty of information out there, but don't allow yourself to become bogged down in it. If you use outside companies for things such as email newsletters, they will probably have information and systems in place to help you stay compliant in that area. Bear in mind, though, that they are acting as your processor and you remain accountable as the controller, so check their GDPR terms and make sure you have a written contract with them rather than simply assuming they have it covered. Allocate a member of your team to work out what you need to do and use the ICO website for guidance; remember, they are there to help you.