Two decades ago the business community was told that the imminent and immovable arrival of the year 2000 would bring the universe to its knees. Computer systems would crash, planes would fall out of the sky, bank balances would vanish, and the world would stop spinning. The only solution was to upgrade all your IT systems or employ expensive consultants to save your business from the impending doom. Suffice to say that very little actually happened that night, and everybody went joyfully back to work, albeit wondering what all the fuss was about.
Fast forward a couple of decades and it seems the latest ‘merchants of doom’ are threatening us with something called the General Data Protection Regulation (GDPR, to its friends). This new legislation comes into force in May this year; May 25th to be precise, a Friday. And any business that is not compliant with the new regulations by that date will immediately be liable to fines which have lots of 0’s in them… or so we are led to believe.
But is this just Y2K all over again, or are we really going to get in serious trouble come May 26th (a Saturday) if we are not GDPR compliant?
Well here is what we definitely do know:
a. GDPR has been passed as new European legislation and will come into force on 25th May this year. And before you ask, leaving the EU will not impact its implementation as there is currently a bill going through parliament that will bring it into law. So we are stuck with it.
b. The legislation will be managed and policed by the Information Commissioner’s Office (ICO, to its friends), who are employing extra staff to ‘help’ with its delivery.
c. The ICO have described GDPR as (and I quote, from their website): “… a living document and we are working to expand it in key areas”. You can interpret that how you wish, but it does look like the finished article to me.
d. There are plenty of ‘GDPR consultants’ charging large fees to help businesses and organisations to implement the legislation and reach the holy grail of GDPR compliance.
e. For most businesses, GDPR compliance can be achieved in-house and without spending large amounts on external ‘experts’.
Ironically, the core basis of GDPR makes sound business sense. Not only is it about compliance but also trust – your customers, clients, employees and suppliers trusting that you can keep their personal details safe, handle them appropriately and not abuse that trust. You wouldn’t expect your personal data to be left lying around or freely accessible, and those on whose behalf you handle data should expect no less from you.
The GDPR is designed to ensure that businesses and organisations have the proper, informed consents in place or another lawful basis (set out in the GDPR) to process and use data from customers, clients, suppliers, prospects and staff. Compliance includes, amongst other things: identifying and documenting all the different data and data sources in your business, including print and electronic; understanding on what basis you are permitted to use it from the data owner; keeping it safe and sound; and, if someone processes that data on your behalf, ensuring that they are handling it properly and responsibly.
Else Solicitors have been working with our clients over the last few months to help them understand and implement GDPR. As part of this process we have run a range of free workshops and produced a worksheet that you can use to get you on the way to GDPR compliance. Both the workshops and worksheet are available to any business or organisation that needs advice or support. Our next free event on GDPR is Tuesday 24th April at Branston Golf & Country Club. It’s free to attend, and will be led by Adam Gilbert, Partner and Head of Corporate & Commercial at Else Solicitors. Full details and booking information can be found at: http://elsesolicitors.eventbrite.com
Or you can contact Adam directly on firstname.lastname@example.org or 01293 526200