GDPR and why you can’t ignore the implications
Firstly, and we don’t say this to scare you but instead to make sure you take this topic seriously, GDPR can have massive financial penalties and reputational damage. It will not affect all of you reading this but it is still important to be aware of it. You will have heard in the past of companies leaving laptops on trains with client information or the famous example of the dating site whose members were all leaked. Had GDPR been in effect at the time of these incidents it is possible that these companies could have been put out of business with the scope of the financial penalties that could have been levelled.
What is GDPR?
The General Data Protection Regulation will come into effect from 25/05/18 and will override the UK’s Data Protection Act. The objective of GDPR is to enhance the rights of the individual to have their privacy protected. In a world of increasing cyber activity, the Data Protection Act of 1998 was becoming increasingly obsolete and new measures needed to be taken to protect individuals and their information – this is the aim of GDPR. GDPR affects anyone holding personal information relating to other individuals.
Can I opt out of GDPR?
No – GDPR is not ‘best practice’ – it is the law. There will be high level fines for breaching GDPR with serious violations attracting fines of up to 20 million Euros or 4% of your global turnover – whichever is higher.
What do I need to do?
The first step for every organisation is to perform a data audit – that means working out what ‘personal information’ you hold, why you hold it, how you hold it, what you do with it and whether it is suitably secure.
What is ‘personal information’?
‘Personal information’ can be anything from a name, phone number, email address, IP address, National Insurance number or bank account details to any other data which relates to or identifies an individual – i.e. a natural person – located within the EU.
What about Brexit?
GDPR comes into force across Europe long before the reality of Brexit, and is also in the process of being reflected in UK law so Brexit will have no effect on its implementation.
What happens if I accidentally breach GDPR?
If you accidentally breach GDPR, the breach has to be reported within 72 hours of the breach, not your awareness of it (if it qualifies as a notifiable breach). You will therefore need an internal breach reporting procedure in place for this, as well as suitable mechanisms to prevent breaches occurring.
How can Grampian Accounting help?
We can act as first port of call for any queries which you may have. Every company is unique and it can be helpful to have someone with whom you can discuss your particular situation and requirements. Grampian Accounting can help get you started on your journey by pointing you in the right direction and giving you guidance on some of the issues you encounter. If you feel your organisation will require a more comprehensive data and information audit then we can arrange this for you by providing you with recommended contacts who can help you on your way to compliance.
If you want to get in touch with us regarding your journey to GDPR compliance then contact Jen on 01224 748 298 or email at jen@grampianaccounting.co.uk.