White Paper: Understanding the new General Data Protection Regulation (GDPR)
Last updated: 2021-05-28 (originally published on 2018-05-24) — by Alex Tanglao
The new General Data Protection Regulation (GDPR) comes into force on Friday 25th May but what do you need to know and what steps should you be taking? Don’t be fearful of the looming deadline. The most important thing is that you can demonstrate you are taking steps towards compliance when the law changes.
Why and how is the law changing?
This new privacy law replaces the Data Protection Act (DPA) 1998. At 20 years old, the old laws are well past their best. Technology has evolved at such a fast pace that these new regulations are necessary to align the tech with the law.
The new regulations are not a complete change; rather, they are an evolution of the existing laws. Indeed, many of the GDPR’s main concepts and principles are much the same as those in the current DPA, which you should already be complying with. These principles remain valid under the GDPR, so you should already be on the path to full compliance. There are, however, some improvements and new elements to consider, and therefore you may need to make some changes and take some additional steps.
The main concern is how personal data is collected, processed, stored and shared. Personal data is any information that can be used to identify a person. This could be anything from a name or contact details to religious beliefs, and even information on cultural background and mental health history.
How do the new GDPR regulations affect you, and how do you ensure that your business is compliant?
So what steps do you need to take with the data protection law changes?
According to the Information Commissioner’s Office (ICO), there are 12 steps that businesses need to take to prepare for the implementation of the new GDPR regulations into UK law:
- Awareness: Ensure that decision makers and key people in your organisation are aware that the law is changing to the GDPR.
- Information you hold: Document what personal data you hold, where it came from and who you share it with.
- Communicating privacy information: Review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
- Individuals’ rights: Check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
- Subject access requests: Update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
- Lawful basis for processing personal data: Identify the lawful basis for each of your processing activities under the GDPR, document it and update your privacy notice to explain it.
- Consent: Review how you seek, record and manage consent and whether you need to make any changes.
- Children: Assess whether you need to put systems in place to verify individuals’ ages and obtain parental or guardian consent for any data processing activity.
- Data breaches: Ensure you have the right procedures in place to detect, report and investigate a personal data breach.
- Data Protection by Design and Data Protection Impact Assessments: Familiarise yourself with the ICO’s code of practice on Privacy Impact Assessments and the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.
- Data Protection Officers: Designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements.
- International: If your organisation operates in more than one EU member state, determine your lead data protection supervisory authority.
For more resources for preparing your organisation for the upcoming changes to the data protection law, check out the ICO’s Guide to the GDPR.
What happens if you don’t comply?
The important thing now is to make sure you can demonstrate that you are actively taking steps towards compliance. Non-compliance comes with a hefty fine, which could be up to 4% of your company’s annual global turnover. You will also be breaking the law, which isn’t the best idea for the reputation of your company. Customer loyalty will certainly be adversely affected if you are fined for non-compliance. Remember, if you hold or process any personal data of any citizen of the EU, then you are compelled to comply with the GDPR, even if your business is based outside of the EU.
Zegal can help you prepare.
So are you ready for the biggest change in data privacy regulation in 20 years? Remember, it is your responsibility to demonstrate your compliance with the new regulations.
Zegal can help you keep ahead of the regulations. Our document library has been updated with lawyer-reviewed changes to ensure GDPR compliance. These documents now include clauses which are relevant to the GDPR.
- Information Audit Form: to help you map data flows in your organisation
- Security Audit Form: to let you document your technical and organisational measures to ensure data security
- Data Processing Addendum: to ensure your existing data processors comply with applicable data protection laws
- Employee Privacy Notice: to inform your employees and contractors of their privacy rights
- Letter to Amend Employment Contract: to bring employment contracts already in place in line with data protection requirements
We also have some new documents available to help you address GDPR requirements (available to all Professional and Premium Plan users):
- Data Processing Addendum to ensure your existing data processors comply with applicable data protection laws
- Data Protection Policy to inform employees about the company policy they should follow to ensure the protection and security of personal data when employees handle the data in job-related activities.
- Information Audit Form and Security Audit Form to help you map data flows in your organisation
Click here to learn more about our GDPR compliance toolkit.
If you have questions or concerns about how your information is handled by us, please contact us at firstname.lastname@example.org