On 25th May 2018 GDPR will apply in the United Kingdom. It has been confirmed that leaving the European Union does not affect the implementation date, and failure to comply could leave a business with a potential fine of 4% of its annual turnover and the risk of losing clients.
Currently here in the UK we have the Data Protection Act 1998, with which businesses have been compliant; however, from May 2018 GDPR replaces the DPA.
No business that holds data is exempt from this new legislation, including schools, colleges, universities, local authority agencies, housing associations, hospitals and banks, and so the list endlessly goes on; every business or governing body must comply by law with GDPR.
A number of the larger businesses and institutions have already started by appointing a dedicated GDPR project manager, who will most definitely need to seek professional advice on this matter.
Where does that leave the sole traders, SMEs and independent high street businesses, with what appears to be a one-size-fits-all policy?
The Government has produced a number of helpful information documents, along with regional presentation seminars, available to help and guide SME businesses through this transitional period.
This will inevitably mean incurring additional costs and greater legal responsibilities for businesses.
Here are steps which will help you to prepare your business for the introduction of GDPR.
(1) Visit free presentations on the topic in your network
(2) Read all the free information on government websites
(3) Review and update your current data protection policy
(4) Make sure your IT system has the facility to delete data
(5) Have steps in place for client and employee consent
(6) Check all existing privacy notices and update accordingly
(7) Issue a notice to all employees identifying the legal changes
(8) Run an information workshop for all employees
(9) Document an audit trail to demonstrate your compliance
(10) If you’re not clear on any aspect of GDPR, ask the regulator
Experience has taught me that when new regulations or guidelines are introduced for businesses, the acid test will be the first prosecution brought to court by the GDPR regulators.
Wait for the son of GDPR, the “Have you been mis-sold?” claim.
“MAKE SURE IT’S NOT YOUR BUSINESS”
This blog was produced by Tony Moran, Founder/Director of The Business Executive Club, which meets monthly at Denton Golf Club. Their ethos is Excellence through Experience.