
GDPR: Are you ready?

PUBLISHED: 10:06 17 April 2018 | UPDATED: 10:06 17 April 2018

GDPR: Coming, ready or not

Archant

Everyone’s talking about GDPR, the General Data Protection Regulation coming into force on May 25 this year. How is your business preparing for the new legislation?

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals in the European Union.

It addresses the export of personal data outside the EU. GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

When GDPR takes effect, it will replace the 1995 Data Protection Directive (Directive 95/46/EC).

It was adopted on April 27, 2016. It becomes enforceable from May 25 this year, after a two-year transition period.

Unlike a directive, it does not require national governments to pass any enabling legislation - and so it is directly binding and applicable.

Five ways to get GDPR compliant

When it comes to complying with the new General Data Protection Regulation, it’s not too late to take action.

Salpo Technologies, based in Cheltenham, offers businesses five top tips to avoid falling foul of the new legislation.

By May 25, all businesses will need to have contacted every individual whose contact details they currently hold and asked them to provide explicit consent covering the data the company holds on them, the way the company uses this data and therefore how they can be contacted.

Companies then need to be able to show how and when this consent took place.

Five steps to compliance:

1. Have a look at the ICO’s 12-step document, which outlines practical steps to achieving compliant data. This can be found here.

2. Attend some of the GDPR webinars that are currently being run across different industries.

3. Take time to understand your current business processes. You especially need to document details such as:

• Where you store your existing customer contact details

• How you store this information and how the data is currently used

• The methods by which you communicate information to your customers such as email platforms and telesales campaigns

• How you will deal with customer requests for details on the data that you hold on them and how you will manage requests to amend this data or contact permissions

4. Make sure that everyone in your company knows what GDPR is, how it might affect them in their day-to-day roles and what plans they need to have in place to deal with these changes.

5. As mentioned earlier, reach out to your software providers - where this software handles customer data - and find out what plans they have in place or have already implemented in order to help with GDPR compliance. You can then identify and fill gaps in your data protection plan.

Am I doing enough?

Worcester-based ISO Quality Services Ltd is an independent organisation that specialises in the implementation, certification and continued auditing of ISO and BS EN Management Standards. It also offers ISO / BS consultancy, training and internal auditing.

Does having an ISO Standard mean I’m GDPR compliant?

In a word, no.

Even having the Information Security Standard (ISO 27001) doesn’t make you fully compliant, although it helps significantly.

Although we can help you achieve compliance in three different ways (as outlined below), every business including those running internationally recognised management systems will need to take steps to review their data and update their policies and procedures.

Why is GDPR a buzzword at the moment?

GDPR is a beefed-up version of Data Protection. It has been a regulation for a while but becomes legislation on the 25th May. That’s when businesses run the risk of big fines from the ICO (Information Commissioner’s Office). The potential fines for failing to comply with GDPR could reach up to €20 million or 4% of the group worldwide turnover (whichever is the greater) against both data controllers and data processors. Whilst GDPR will apply from May 25 2018, it is an ongoing matter that your business will need to continually comply with.

We don’t know what to do, can ISO Quality Services help?

Whilst GDPR can seem a little daunting, here at ISO Quality Services we pride ourselves on keeping it simple. Whether you’ve been putting off your GDPR preparations or have made a start but feel you require guidance, ISO Quality Services can help in three ways:

1. GDPR training

We offer a one-day interactive workshop that uses business scenarios to introduce the new legislation and provide an overview of the steps that businesses will need to take as dictated by law to become compliant.

By the end of the day, you’ll be able to:

• Understand what the EU GDPR is and why the law is changing.

• Explain what has changed from the Data Protection Act 1998 and what is expected going forward.

• Understand what the impact of the EU GDPR means for your business.

• Be able to formulate a plan of action.

2. GDPR consultancy

We appreciate that every business is different and each will manage their data in different ways. We can therefore arrange for one of our GDPR consultants to come into your business and provide one-to-one guidance tailored for your needs.

To explore this option, call us on 01905 670303 or email info@isoqsltd.com.

3. We can help you implement ISO 27001

Businesses with ISO 27001 are already half way to achieving compliance. Certification is normally achieved in eight weeks, regardless of the business size or sector.

One of our expert auditors will carry out an initial assessment. This process involves a gap analysis, identifying areas of non-compliance, recommending areas of improvement to meet the requirements and the gathering of information to compile documentation.

Once you are certified, we work with you to ensure you stay on track. We help you monitor your progress with a six-monthly review from our expert auditor and an annual recertification audit. We also provide over-the-phone support all year to help you keep on top of things.

I already have ISO 27001, do I need to worry about this?

You do, but you’ve already got an advantage in that many of the processes within ISO 27001, such as disposal of media and security of equipment, are great best practice for complying with GDPR. If you require any help, we can arrange for one of our consultants to conduct a gap analysis to help bring you up to compliance. Alternatively, take a look at one of our upcoming GDPR training courses.

We’re an existing client, is GDPR included in our package?

The GDPR is not a change to an international management system, it’s a fundamental shift in the way data is used and stored within your business’s operations. As such, we cannot issue an update to a manual to help you achieve GDPR compliance.

To give another example, if we help a client run a BS 18001 Health & Safety management system and new H&S legislation comes in, such as a change to manual handling, our client will still need to make operational changes to ensure compliance with the new legislation.

Take your time: Get it right

William Stebbings is a Senior Associate Solicitor at business law firm Sherbornes Solicitors. He has practised commercial law for 38 years and has a special interest in data protection, intellectual property and competition law.

GDPR has taken on some kind of mystical unfathomable status that it does not deserve. It’s clear why so many small business owners are worried about it. It cannot be codified into a simple list of numbered rules and many advisors are frightening businesses in an attempt to win business.

However, it does not deserve the status of number 1 worrying risk for a business and it can be solved fairly easily with a simple, methodical approach. The key message is not to rush and get it wrong.

The Information Commissioner has stated very clearly that she is growing tired of the scaremongering and that, as long as you are compliant with the old regime, and are genuinely working towards complying with the new, she will not penalise any business during the first 12 months. So, slow down and get it right, as this leniency won’t last forever.

• Start working toward compliance now, if you haven’t started already. It will take some time.

• Document each step you take, so that if you do make a mistake in the future, you can show that it is not because you have failed to take GDPR seriously.

• Conduct a Data Audit. Get your senior managers involved and document all forms of personal data that you hold. This could be email addresses, CCTV footage, names and addresses, payroll information. List it all, no matter how trivial.

• Once the audit is complete, identify for each class of information, whether and how you process it.

• Identify for each type that you process, the reason that you process it. There are 6 permitted reasons. It may be hard to change the reason at a later date, so it’s best to get this right. The 6 reasons are:

1. Consent of the individual

2. Contractual necessity

3. Compliance with a legal obligation

4. Protection of an individual’s vital interests

5. Performance of a public task

6. Legitimate interest

• Perform a risk assessment (very similar to a health and safety risk assessment) to identify what risks there are to the data, and how you can eliminate or minimise these risks.

• Review your contracts, policies and procedures to include the measures that reduce or eliminate your risk.

• Train key staff on the changes and their obligations.

It’s little more than a route map. There are numerous professional firms out there willing to help you with the process, but don’t just buy a set of policies that are described as GDPR compliant, because without the above process, they can’t necessarily be compliant and useable. Take time and care, and get it right.

Coming, ready or not

Brightman, the Gloucestershire-based IT consultancy, is running an initiative to provide free GDPR support to local charities.

Southmead Community Centre in Bristol is just one of the charities to benefit from Brightman’s complimentary GDPR service, which consists of consultancy and workshops over a number of days.

Brightman feels strongly about giving back to the community, and its “Helping Hands” programme is aimed at offering free advice to charities on a range of topics that could affect their business. GDPR is the first topic to be supported under the Helping Hands initiative.

Brightman is asking for other charities to register their interest in the service on their website here.
