What is the GDPR?
Under the GDPR, businesses will have increased obligations to safeguard the personal information of individuals that is stored by the business. These rules apply to the information of customers, suppliers and employees. Generally, if you are currently caught by the Data Protection Act, it is likely that you will have to comply with the GDPR.
GDPR will apply to data ‘controllers’ and ‘processors’. Processing is about the more technical end of operations, such as storing, retrieving and erasing data, whilst controlling data involves its manipulation in terms of interpretation, or decision making based on the data. The data processor processes personal data on behalf of a data controller. Obligations for processors are a new requirement under the GDPR.
What does GDPR apply to?
The GDPR applies to personal data which is wider than under the Data Protection Act (DPA).
One key change to the current DPA rules is that those affected will have to show how they have complied with the rules. Proof of staff training and reviewing HR policies are examples of compliance. Under GDPR, higher standards are set for consent. Consent means offering people genuine choice and control over how their data is used.
Overall, the aims of GDPR are to create a minimal data security risk environment, and to protect personal data to rigorous standards. For most organisations, this will entail time and energy getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority. In practice, this means things like ensuring active opt-in, rather than offering pre-ticked opt-in boxes, which become invalid under the new rules.
Organisations will also have to think about existing DPA consents. The ICO’s advice is that:
‘You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.’
Where the current consents do not meet the new GDPR then action will be needed.
The fines for non-compliance are severe, at up to 20 million euros or 4% of total worldwide annual turnover (whichever is higher).
The Information Commissioner’s Office (ICO) has published some very useful information and a 12 step planning guide to help organisations get ready ahead of the May 2018 deadline.
We moved to Sibbalds 18 months ago, after we had previously spent the last 7 years working with large regional firms. We didn’t feel like we got the service we deserved, or the support we needed to grow the business and minimise our tax liabilities.
David Bowler and his team have helped us in so many ways, from producing quarterly management accounts and pro-active tax planning, through to completion of our P11D forms and annual returns. They are always available at the end of the phone to answer our queries, and best of all they actively look for ways to help us and recommend ideas that can help us improve our profits.
They are professional and reliable, and we think of them as part of our team and would highly recommend them to other business owners who want to improve their business performance – in fact we have done so on a number of occasions!
Andrew Constantinou, Managing Director, George’s Tradition
Beryl delivered a great workshop and gave some excellent insights on how to get our message across to our clients.
Free no-obligation consultation
We offer a free, no-obligation meeting where we can assess your needs depending on what stage of the conversion process you are at. Our fees are fixed, and any additional services required are always agreed in advance before work is carried out.