Preparing Your Business for Changes to Data Protection Laws
Several procedures in the workplace are governed by laws, and as a business-owner, it’s your job to know what they are, and how to operate without acting illegally.
Forthcoming changes to data protection laws are likely to impact your current business practices, and you may require expert help from an HR specialist to ensure that you remain legally compliant. Here’s more information about the updated GDPR, and what it means for your company.
Explaining the General Data Protection Regulation
The GDPR is an EU directive, which will officially come into force on the 25th May, 2018. It will replace the existing Data Protection Directive, and change the way in which enterprises approach data privacy.
As such, all businesses in the UK will need to review their current handling of data, to ensure they’re fulfilling the new data protection criteria.
A New Set of Rules?
The new GDPR won’t replace the original Data Protection Act. Instead, it will include new regulations, such as:
- Data protection officer required. You’ll now need to appoint a specific Data Protection Officer, who will be in charge of ensuring compliance across the company.
- Employee consent no longer enough. It’s no longer adequate to have basic consent to obtain and store data, as this can be ambiguous. Instead, the new focus will be on specific, clear and informed consent, which can be shown to the relevant authorities if required.
- More rights for those who are subjected to data processing. The law will shift, granting more rights to those who are the subject of data processing, rather than the company holding the data.
- More accountability. As a business-owner, you’ll need to put procedures into place to demonstrate that you’re making data protection a top priority.
Where to Start?
With the changes coming into effect in only a few months’ time, it’s imperative to get prepared as swiftly as possible, especially as the penalties for non-compliance will be far higher. Remember, if you’re feeling overwhelmed by the changes, an HR expert can assist.
If you’re taking on the task yourself, you’ll first need to review your current practices. Make sure that:
- All data is gathered lawfully and transparently.
- All data is kept up-to-date.
- All data is only kept as long as it’s required.
You’ll need to demonstrate compliance by:
- Appointing a Data Protection Officer.
- Training staff.
- Keeping records of all data collection and storage.
- Conducting data protection impact assessments.
Additionally, you’ll need to consider how you obtain consent. When requesting consent, the request must be unambiguous and clear. You must also be able to provide evidence of consent if required.
If the worst happens and a data breach does occur, you’ll need to report it to the data protection authority. You only have 72 hours to do this, and failure to do so can result in a fine. Those affected by the data breach (if it’s severe) must also be informed of the situation.
HR Expert – Helping Businesses Across the South-West
If you’re concerned about the forthcoming changes to data protection laws, get in touch with Harris Law. We’re experienced HR experts, and will review your current practices, then recommend changes to ensure you remain within the law. To find out more, simply call us on 01803 861086 today.