
GDPR: Are you ready?

PUBLISHED: 10:06 17 April 2018 | UPDATED: 10:06 17 April 2018

GDPR: Coming, ready or not


Archant

Everyone’s talking about GDPR - the General Data Protection Regulations coming into force on May 25 this year. How is your business preparing for the new legislation?

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals in the European Union.

It addresses the export of personal data outside the EU. GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

When GDPR takes effect, it will replace the 1995 Data Protection Directive (Directive 95/46/EC).

It was adopted on April 27, 2016. It becomes enforceable from May 25 this year, after a two-year transition period.

Unlike a directive, it does not require national governments to pass any enabling legislation - and so it is directly binding and applicable.

Five ways to get GDPR compliant

When it comes to complying with the new General Data Protection Regulations, it’s not too late to take action.

Salpo Technologies, based in Cheltenham, offers businesses five top tips to avoid falling foul of the new legislation.

By May 25, all businesses will need to have contacted every individual whose contact details they currently hold and asked them to give explicit consent to the data held about them, the way the company uses that data and therefore how they may be contacted.

Companies then need to be able to show how and when this consent was given.

Five steps to compliance:

1. Have a look at the ICO's 12-step document, which outlines practical steps to achieving compliant data.

2. Attend some of the GDPR webinars that are currently being run across different industries

3. Take time to understand your current business processes. You especially need to document details such as:

• Where you store your existing customer contact details

• How you store this information and how the data is currently used

• The methods by which you communicate information to your customers such as email platforms and telesales campaigns

• How you will deal with customer requests for details on the data that you hold on them and how you will manage requests to amend this data or contact permissions

4. Make sure that everyone in your company knows what GDPR is, how it might affect them in their day to day roles and what plans they need to have in place to deal with these changes

5. As mentioned earlier, reach out to your software providers - where this software handles customer data - and find out what plans they have in place or have already implemented in order to help with GDPR compliance. You can then identify and fill gaps in your data protection plan.

Am I doing enough?

Worcester-based ISO Quality Services Ltd is an independent organisation that specialises in the implementation, certification and continued auditing of ISO and BS EN Management Standards. It also offers ISO / BS consultancy, training and internal auditing.

Does having an ISO Standard mean I’m GDPR compliant?

In a word, no.

Even having the Information Security Standard (ISO 27001) doesn’t make you fully compliant, although it helps significantly.

Although we can help you achieve compliance in three different ways (as outlined below), every business including those running internationally recognised management systems will need to take steps to review their data and update their policies and procedures.

Why is GDPR a buzzword at the moment?

GDPR is a beefed-up version of data protection. It has been a regulation for a while but becomes legislation on 25 May. That's when businesses run the risk of big fines from the ICO (Information Commissioner's Office). The potential fines for failing to comply with GDPR could reach up to €20 million or 4% of the group's worldwide turnover (whichever is the greater), against both data controllers and data processors. Whilst GDPR will apply from May 25 2018, it is an ongoing matter that your business will need to continually comply with.

We don’t know what to do, can ISO Quality Services help?

Whilst GDPR can seem a little daunting, here at ISO Quality Services we pride ourselves on keeping it simple. Whether you’ve been putting off your GDPR preparations or have made a start but feel you require guidance, ISO Quality Services can help in three ways:

1. GDPR training

We offer a one-day interactive workshop that uses business scenarios to introduce the new legislation and provide an overview of the steps that businesses will need to take as dictated by law to become compliant.

By the end of the day, you’ll be able to:

• Understand what the EU GDPR is and why the law is changing.

• Explain what has changed from the Data Protection Act 1998 and what is expected going forward.

• Understand what the impact of the EU GDPR means for your business.

• Be able to formulate a plan of action.

2. GDPR consultancy

We appreciate that every business is different and each will manage their data in different ways. We can therefore arrange for one of our GDPR consultants to come into your business and provide one-to-one guidance tailored for your needs.

To explore this option, call us on 01905 670303 or email info@isoqsltd.com.

3. We can help you implement ISO 27001

Businesses with ISO 27001 are already half way to achieving compliance. Certification is normally achieved in eight weeks, regardless of the business size or sector.

One of our expert auditors will carry out an initial assessment. This process involves a gap analysis, identifying areas of non-compliance, recommending areas of improvement to meet the requirements and the gathering of information to compile documentation.

Once you are certified, we work with you to ensure you stay on track. We help you monitor your progress with a six monthly review from our expert auditor and an annual recertification audit. We also provide over the phone support all year to help you keep on top of things.

I already have ISO 27001, do I need to worry about this?

You do, but you’ve already got an advantage in that many of the processes within ISO 27001, such as disposal of media and security of equipment, are great best practice for complying with GDPR. If you require any help, we can arrange for one of our consultants to conduct a gap analysis to help bring you up to compliance. Alternatively, take a look at one of our upcoming GDPR training courses.

We’re an existing client, is GDPR included in our package?

The GDPR is not a change to an international management system, it’s a fundamental shift in the way data is used and stored within your business’s operations. As such, we cannot issue an update to a manual to help you achieve GDPR compliance.

To give another example, if we help a client run a BS 18001 Health & Safety management system and new H&S legislation comes in, such as a change to manual handling, our client will still need to make operational changes to ensure compliance with the new legislation.

Take your time: Get it right

William Stebbings is a Senior Associate Solicitor at business law firm Sherbornes Solicitors. He has practised commercial law for 38 years and has a special interest in data protection, intellectual property and competition law.

GDPR has taken on some kind of mystical unfathomable status that it does not deserve. It’s clear why so many small business owners are worried about it. It cannot be codified into a simple list of numbered rules and many advisors are frightening businesses in an attempt to win business.

However, it does not deserve the status of number one worrying risk for a business, and it can be solved fairly easily with a simple, methodical approach. The key message is not to rush and get it wrong.

The Information Commissioner has stated very clearly that she is growing tired of the scaremongering and that, as long as you are compliant with the old regime, and are genuinely working towards complying with the new, she will not penalise any business during the first 12 months. So, slow down and get it right, as this leniency won’t last forever.

• Start working toward compliance now, if you haven’t started already. It will take some time.

• Document each step you take, so that if you do make a mistake in the future, you can show that it is not because you have failed to take GDPR seriously.

• Conduct a Data Audit. Get your senior managers involved and document all forms of personal data that you hold. This could be email addresses, CCTV footage, names and addresses, payroll information. List it all, no matter how trivial.

• Once the audit is complete, identify for each class of information, whether and how you process it.

• Identify, for each type that you process, the reason that you process it. There are six permitted reasons. It may be hard to change the reason at a later date, so it's best to get this right. The six reasons are:

1. Consent of the individual

2. Contractual necessity

3. Compliance with a legal obligation

4. Protection of an individual’s vital interests

5. Performance of a public task

6. Legitimate interest

• Perform a risk assessment (very similar to a health and safety risk assessment) to identify what risks there are to the data, and how you can eliminate or minimise these risks.

• Review your contracts, policies and procedures to include the measures that reduce or eliminate your risk.

• Train key staff on the changes and their obligations.

It’s little more than a route map. There are numerous professional firms out there willing to help you with the process, but don’t just buy a set of policies that are described as GDPR compliant, because without the above process, they can’t necessarily be compliant and useable. Take time and care, and get it right.
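The data audit and lawful-basis steps above, together with the earlier point that a company must be able to show how and when consent was given, come down to keeping one register: what personal data is held, where, for what purpose, on which of the six bases, and for consent-based processing a dated record of how consent was obtained and whether it was later withdrawn. The following is an added example in Python written for this page; it is not code from the article, Sherbornes Solicitors, Salpo Technologies or any other firm named here, and every class name, activity, subject id and timestamp in it is constructed for illustration.

```python
# Added illustration: a minimal GDPR processing register. Records the lawful
# basis per processing activity and keeps consent evidence (who, when, how)
# for consent-based activities. Not code from the article.
from dataclasses import dataclass
from datetime import datetime
from enum import Enum
from typing import Optional


class LawfulBasis(Enum):
    """The six permitted reasons listed in the article (GDPR Article 6(1))."""
    CONSENT = "consent of the individual"
    CONTRACT = "contractual necessity"
    LEGAL_OBLIGATION = "compliance with a legal obligation"
    VITAL_INTERESTS = "protection of vital interests"
    PUBLIC_TASK = "performance of a public task"
    LEGITIMATE_INTEREST = "legitimate interest"


def _ts(iso: str) -> datetime:
    # ISO 8601 with an explicit offset, e.g. "2018-05-01T09:30:00+00:00"
    return datetime.fromisoformat(iso)


@dataclass
class ConsentRecord:
    """Evidence of consent: how and when it was given, and when (if) withdrawn."""
    subject_id: str
    purpose: str
    given_at: datetime
    method: str            # e.g. "website sign-up form", "signed paper form"
    notice_version: str    # the privacy notice wording the person actually saw
    withdrawn_at: Optional[datetime] = None


@dataclass
class ProcessingActivity:
    """One row of the data audit: what is held, where, why and on what basis."""
    name: str
    purpose: str
    data_categories: list
    basis: LawfulBasis
    storage_location: str
    retention_days: int


class ProcessingRegister:
    def __init__(self) -> None:
        self.activities = {}
        self.consents = []

    def add_activity(self, activity: ProcessingActivity) -> None:
        self.activities[activity.name] = activity

    def record_consent(self, record: ConsentRecord) -> None:
        self.consents.append(record)

    def consent_evidence(self, subject_id: str, purpose: str) -> list:
        """Every consent record for this person and purpose: the 'how and when' trail."""
        return [c for c in self.consents
                if c.subject_id == subject_id and c.purpose == purpose]

    def withdraw_consent(self, subject_id: str, purpose: str, at_iso: str) -> int:
        """Close every live consent for this person/purpose; returns how many."""
        closed = 0
        for c in self.consent_evidence(subject_id, purpose):
            if c.withdrawn_at is None:
                c.withdrawn_at = _ts(at_iso)
                closed += 1
        return closed

    def may_process(self, activity_name: str, subject_id: str, at_iso: str) -> bool:
        """Consent-based activities need a consent that was live at the given time;
        the other five bases are decided per activity, not per person."""
        activity = self.activities[activity_name]
        if activity.basis is not LawfulBasis.CONSENT:
            return True
        at = _ts(at_iso)
        return any(c.given_at <= at and (c.withdrawn_at is None or at < c.withdrawn_at)
                   for c in self.consent_evidence(subject_id, activity.purpose))

    def audit_gaps(self) -> list:
        """Findings the data audit should raise before anyone relies on the register."""
        gaps = []
        for a in self.activities.values():
            if not a.data_categories:
                gaps.append(f"{a.name}: no data categories listed")
            if not a.storage_location:
                gaps.append(f"{a.name}: storage location unknown")
            if a.retention_days <= 0:
                gaps.append(f"{a.name}: no retention period set")
        return gaps


def build_demo_register() -> ProcessingRegister:
    """Constructed sample data: invented activities and subject ids, no real people."""
    reg = ProcessingRegister()
    reg.add_activity(ProcessingActivity("newsletter", "marketing email", ["name", "email"],
                                        LawfulBasis.CONSENT, "mailing-list service", 730))
    reg.add_activity(ProcessingActivity("payroll", "paying staff", ["name", "bank account"],
                                        LawfulBasis.LEGAL_OBLIGATION, "payroll system", 6 * 365))
    # Deliberately incomplete row: the audit should flag it rather than let it pass.
    reg.add_activity(ProcessingActivity("cctv", "premises security", [],
                                        LawfulBasis.LEGITIMATE_INTEREST, "", 0))
    reg.record_consent(ConsentRecord("subj-001", "marketing email",
                                     _ts("2018-05-01T09:30:00+00:00"),
                                     "website sign-up form", "privacy-notice-v2"))
    return reg
```

Two design choices matter here. Consent is never deleted on withdrawal, only closed with a timestamp, so the register can still show that processing in an earlier month was covered by a consent that was live at the time; and `audit_gaps()` treats an activity with no listed data categories, no storage location or no retention period as a finding, which is the "list it all, no matter how trivial" point of the audit step.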

Coming, ready or not

Brightman, the Gloucestershire-based IT consultancy, is running an initiative to provide free GDPR support to local charities.

Southmead Community Centre in Bristol is just one of the charities to benefit from Brightman’s complimentary GDPR service, which consists of consultancy and workshops over a number of days.

Brightman feels strongly about giving back to the community, and its “Helping Hands” programme is aimed at offering free advice to charities on a range of topics that could affect their business. GDPR is the first topic to be supported under the Helping Hands initiative.

Brightman is asking other charities to register their interest in the service on its website.
