Call our team on:

(01792) 468684

General Data Protection Regulations (GDPR)

It is now increasingly common for the news to contain stories of significant data losses. These are both embarrassing for the organisation concerned and potentially extremely expensive to sort out.
desk

It is now increasingly common for the news to contain stories of significant data losses. These are both embarrassing for the organisation concerned and potentially extremely expensive to sort out.

There are, of course, many ways in which data losses can occur. They can range from the result of aggressive hacking but can also, and more commonly perhaps, be due to carelessness or a simple lack of awareness on the part of an employee.

The first, and perhaps most obvious, way to minimise the risk is to stick to the rules. Those rules are about to change, so it may be sensible to consider the changes being introduced and reassess how your organisation handles the data within its control.

In a forthcoming series of blogs, we propose to consider the changes to data protection law. Let us begin by considering the General Data Protection Regulations (GDPR).

The GDPR comes into force on 28 May 2018. It is as a result of an EU directive. And although it might not, at this stage, be crystal clear what will happen after Brexit, it seems almost a certainty that the UK will adopt the GDPR into UK law, pretty much as it is. This is because UK companies trading with the EU will need to be compliant with the GDPR. There is, therefore, no escape.

So, who is covered by the GDPR? The technical answer is anyone who is a controller or processor data. It does not, generally, however, apply to individuals processing data for their own purposes. If you are already covered by the requirements of the Data Protection Act, you will be covered by the requirements of the GDPR. So if you are a business employing people, storing customer details, processing orders and arranging delivery, you will be covered.

The GDPR apply not only to data stored on a computer, but also to data stored in a manual system where it is accessible according to specific criteria. This could be an alphabetical or chronological filing system of paper files. If you operate such a system, and are not registered as a data controller, you should review that position.

As ever, if you have any doubt as to where you stand legally, it is best to take advice. We would be happy to help.

Call 01792 468684 or email enquiries@pgmsolicitors.co.uk.

Related Articles

Keep up to date with employment law changes in the UK, including legislation that businesses and employees should be aware of.
Not the most exciting part of owning a website - but nonetheless, essential to note that certain information must be included in order for your website to be legally compliant. This process can often be forgotten about until of course, something goes awry.
A business dispute can be a disagreement between two businesses over the terms and/or performance of an agreement, which could have been made either in writing or verbally. As set out in the remainder of this blog, business disputes are not always contractual.