GDPR - General Data Protection Regulation
The GDPR comes into force on 25 May 2018 and all businesses need to comply with this new data protection law in how they handle personal data. This is a major change in the law with regard to the Data Protection Act, which first came into force in 1984 for paper records and was updated in 1998 to include electronic records. The GDPR will replace the Data Protection Act.
The GDPR will:
- expand individual data protection rights, including the right to be forgotten
- toughen the rules on individual consent to processing of sensitive data
- shorten the time scale for responding to ‘subject access requests’ from 40 days to one month, and remove the £10 fee
- require organisations to report any data breaches which ‘risk the rights and freedoms of the individual’ to the regulatory authority and, where there’s a high risk of this, to the individual affected as well.
Breaches of the GDPR may lead to fines of up to 20 million Euros or 4 per cent of global turnover, whichever is the greater. Enforcement of the new rules rests with the Information Commissioner’s Office (ICO).
On 13 September 2017, the government introduced a new Data Protection Bill which will:
- set new standards for protecting general data in accordance with the GDPR, while retaining certain UK exemptions
- implement the EU’s law enforcement directive (concerned with the prevention, detection and prosecution of criminal offences).
The ICO recommends reading the GDPR alongside the Data Protection Bill, because the regulation has direct effect in the UK while the Bill pulls in matters not covered by the regulation.
It's important to be ready for 25 May 2018 so that the management of personal data on living individuals (employees, customers, consumers, contractors, third parties) is legally compliant. The government has declared its intention to enforce this law.
We can provide guidance on what you need to do to comply with the GDPR, making recommendations regarding an audit of personal data flow within your organisation and with third parties. You will need to assess the controls in place and risk assess improved controls. You will need to consider security and draft paperwork to support the GDPR process.
GDPR Services and Products
You may feel you don't have the time or skills to deal with this, which is where we can help. We can do all the hard work for you and review your data protection processes by auditing your company's personal data practices and procedures. We will identify any gaps that may place your company at risk of non-compliance with the GDPR in relation to the collection, use, storage, security and deletion of personal data. This will be highlighted in a report containing recommendations and an action plan. We can then provide you with appropriate templates, policies and procedures to ensure you will be compliant. For more details about our GDPR audit please call 07762 771290.
Should you need GDPR training to be delivered in your organisation, we can provide this. We will explain what the GDPR is all about in clear, simple language, providing key information so your staff can comply with the GDPR. We will discuss roles and responsibilities, key duties, compliance, subject access requests, dealing with a breach, etc. Please call 07762 771290 for more details.
GDPR Compliance Toolkits
We offer a range of paperwork-based packages to help you comply with the GDPR.
Bronze GDPR compliance toolkit
Provision of data protection audit tool to identify your compliance gaps.
Silver GDPR compliance toolkit
Provision of data protection audit tool, data protection policy, privacy notice, data protection officer job description.
Gold GDPR compliance toolkit
Provision of data protection audit tool, data protection policy, privacy notice, data protection officer job description, subject access request form, data processor agreement, data processing activities template, IT security policy, asset management policy, asset management register.
Choose your GDPR compliance package and buy now
To discuss our GDPR toolkits, a GDPR audit or GDPR training, call us now on 07762 771290 or email firstname.lastname@example.org
Office Address: Stuart House, East Wing, St Johns Street, Peterborough, PE1 5DD
Tel: 07762 771290
Registered in England and Wales; registered company no. 6211388
Registered Office: Moulton Park Business Centre, Redhouse Road, Moulton Park Industrial Estate, Northampton, NN3 6AQ