You need to prepare now for the new law that starts in May 2018
The New Law
The Date Protection Act 2017 (DPA 2017) is currently going through Parliament. It will enshrine the EU General Data Protection Regulation (GDPR) in English law and it will come into force on 25 May 2018. The UK's decision to leave the EU will not affect the commencement of GDPR.
You will have received lots of material about GDPR that set out the problems, but which doesn't guide you to practical solutions. This article is different because in addition to pointing out the problems we are proposing a solution that involves us working with you and technology expert, Bernard Heilpern of Technically Clear.
What you need as a business is an analysis of how the DPA 2017 will apply to you and a technology solution that will identify the issues and how they can be resolved.
Outline of the Main Issues and what you will be required to do
First let us outline the main issues and what businesses are required to do; this list is not exhaustive:
- analyse and document what personal data you hold about living people, where it came from and who you share it with, and decide what procedures you need to put in place.
- seek and obtain positive 'opt in' written consent to the sending of marketing material to a recipient, have a facility so such consent can be withdrawn easily, and maintain an up to date list of those who currently consent. Any existing 'opt out' consents will not suffice.
- be able to respond to requests by clients or customers, such as:
- Right to be informed
- Right to rectification (to correct the information held)
- Right to access
- Right to erasure
- Right to restrict processing (to know how the data will be used)
The Act significantly increases maximum fines up to the higher of 2% of annual turnover worldwide or €10m. In certain cases, it can be the higher of 4% of worldwide turnover and €20m but that scale of fines will be only likely to apply to large corporations. Also, the Information Commissioner's Office may order processing to stop until an organisation is GDPR compliant, which would be disruptive. However, the level of fines for small to medium sized companies will be high. Compliance must therefore be taken seriously.
Obtain a report from us at a cost of £200
We are working in collaboration with Bernard Heilpern of Technically Clear, an IT specialist. Therefore we offer a service of providing a report which includes liaising with Bernard in order to:
- analyse the scope of the service required to comply with DPA 2017
- consider jurisdiction and the transfer of the data to other countries
- assist with the compliance program and software including data audits, data-mapping and supplying compliance reports
- settle policies procedures and contracts
Summary: For the fixed price of £200 we will deliver a report that will analyse your needs and will outline a combined legal and technology solution. It will recommend what needs to be done, how to present data information and how to prevent access to your data information.
Contact us: If you would like us to help contact Lynne Brooke on 07717 813925 or via email.