In May 2018, the UK’s data protection law changed when the General Data Protection Regulation (GDPR) came into force. For many organisations, this means significant changes in the way they store, access and use data held on employees, customers, prospects and stakeholders.
While the GDPR is an EU initiative, the UK government has already made it clear that the legislation will still take effect in the UK after Brexit. Businesses that are found to be non-compliant risk potential fines of up to €20 million or 4% of annual worldwide turnover.
Somerset Chamber are urging businesses to start making the necessary preparations to ensure they are ready for the regulation.
Steps for businesses to take include:
- Document what personal data the company holds, where it came from and with whom it is shared. Firms may want to consider organising an information audit or speaking to a data expert
- Review current privacy notices and plan for any necessary changes needed before the implementation deadline
- Check procedures to ensure that they cover all the rights individuals have under the new rules, including how to delete personal data or provide data electronically if needed
- Review how the company seeks, obtains and records consent from individuals, and whether any changes are necessary
- Ensure the right procedures are in place to detect, report and investigate a personal data breach
- Determine whether a Data Protection Officer is required, and designate one if so, to take responsibility for data protection compliance and assess how the role will sit within the organisation.
For more steps on preparing for the General Data Protection Regulation, businesses should refer to the Information Commissioner’s Office checklist.