Data is a valuable asset, but how you use individuals’ personal data is a very sensitive issue. Complying with data protection laws is not only a legal requirement: it can make or break the trust of your customers and prospective customers, and a failure to comply can give rise to serious reputational issues.
The way that businesses collect, process and retain personal data will be subject to new legislation from 25 May 2018. This new legislation, the General Data Protection Regulation 2016 (GDPR), will place greater compliance obligations on businesses and give individuals more rights. But more importantly, if you fail to comply you could be liable for fines of up to 4% of your company’s global turnover!
Think this will not apply to your business? It will. For example, it applies if you:
- keep personal data about customers and potential customers
- have a website that collects personal data (eg via cookies, an enquiry form or subscribing to newsletters)
- are based outside the EU (or have companies that are) and offer goods or services to people in the EU
- process personal data on behalf of another company (meaning that you are a data processor).
Think you don’t need to worry about it now? You do. Although the GDPR is not yet in force, you should not underestimate the extent of the changes you will need to make, or the financial costs you will incur (for example, you will need to update your internal and external systems, processes and procedures). You need to act now.
Fact finding, careful thinking, planning and operational implementation will all be needed. You can’t collect everything, keep it forever and worry about it later. You need to start assessing your level of awareness and readiness for compliance now; waiting for 2018 to arrive will be too late. And you will definitely need a transition plan!
Our Data Protection Team has the expertise and experience to guide you through the transition from the current data protection laws to the GDPR. In particular, we can:
- advise and assist you with drafting a transition plan
- advise and assist you with auditing the data you hold including what type of data you collect and why, and how you use and store it
- review internal and external policies and procedures, including privacy policies, data breach response plans, data retention policies, data protection strategies, and binding corporate rules and help you update these in line with the GDPR
- review and update data protection clauses in your contracts with third parties (including contracts which you have in place with your suppliers and customers, as well as your employment contracts)
- draft template documents for subject access responses, breach notifications, and breach registers
- support your Data Protection Officer (if you fall within the requirements under the GDPR to appoint one) and
- deliver ongoing training to your senior management and staff.
It might seem that the GDPR is destined to destroy your ability to find new business and keep in touch with clients and contacts. That’s not its aim – an individual’s right to protect their personal data is not absolute and has to be balanced with (among other things) your freedom to conduct business. It will be a time-consuming and costly exercise but as long as you have a robust and properly thought-out transition plan, and support in the areas where you need it, you will still be able to find new business and keep in touch with clients and contacts.
What will it cost?
As DataPROTECT® will be very specific to your business, the cost will very much depend on the level of support you need. We will provide you with a fixed fee, wherever possible, and, in all cases, we will ensure you are always clear about our costs in advance.
How can you find out more?
For more information on how we can assist you or for a confidential, no obligation, initial discussion, please contact: