General Data Protection Regulation (GDPR)
On the 25th May this year the General Data Protection Regulation comes into effect to replace the Data Protection Act of 1998. All businesses which control or process personal data will need to have updated and implemented revised policies and procedures in order to ensure they comply with the new legislation.
Hopefully, if you are a business operator, you will already have strong and robust data protection policies in place. The new GDPR builds on this and provides individuals with stronger rights to be informed, to access the information held on file and to be forgotten. Companies need to demonstrate that they have procedures in place to ensure data is only collected for specified, explicit and legitimate purposes, consent is obtained and data is held securely. They will need to prove that it is being used fairly and lawfully, only processed for specified purposes and not kept for longer than is necessary. Data breaches have to be reported sooner and there are greater fines for significant data breaches.
If your business has not already started its transition to the General Data Protection Regulation, the Information Commissioner's Office (ICO) has released help and guidance tailored specifically for small businesses that are preparing for the introduction of GDPR. The information includes a guide to GDPR, useful checklists and FAQs, and a useful graphic outlining '12 steps to take now'. The ICO has also launched a new advice service helpline for small businesses and charities.