The General Data Protection Regulation (GDPR) will come into force on 25th May 2018 – by which time your organisation needs to be compliant with the new rules in respect of personal data and to have a framework in place which clearly demonstrates this.
As of May 2018, any data of individuals should be completely secure and your systems should support privacy by default.
Failure to comply with the rules, which results in a serious data protection failing, could end in punishment by the Information Commissioner’s Office (ICO) by means of a stiff administrative fine.
In addition to the above fine, organisations must take into consideration the other very real negative impacts involved if a cyber attack occurs. If you lose the personal data of your clients through a preventable breach, you will be liable for compensation to the victims, and the accompanying bad publicity will no doubt result in a significant loss of customers and drop in sales.
So how might the GDPR changes affect you?
Family Law – do you hold data in respect of families including children? This could be numbers, location or online identifiers. If so, you need to ensure the data is completely necessary for a legitimate purpose – otherwise you should remove it.
Conveyancing – does your organisation hold personal details for those interested in buying and selling a house? Did you obtain these details through ‘freely given’ consent? Are you still using data which might be completely out of date? You need to be confident that the data is current and obtained appropriately.
Commercial – are you starting a business and developing a database of clients and contacts? How robust are your systems for gaining the necessary data and keeping it safe? Start as you mean to go on.
Employment – do you hold data for all of your employees and is all of it absolutely essential for your legitimate purposes? Do you keep data of ex-employees and, if so, how long for? Are you aware that stronger data subjects’ rights mean the right to be forgotten and the right of access?
Civil Litigation – if you are a commercial or residential landlord you need to review and update data protection policies, record keeping procedures and methods of archiving and deletion of personal data.
If you have any concerns regarding your GDPR responsibilities, contact Tarsem Sangha at Seymours Solicitors: law@seymours.co.uk, Coventry 024 7655 3961 | Leamington 01926 350031.