Finally, data protection and in particular the General Data Protection Regulation (GDPR) have hit the headlines. Whilst most of the reports suggest this is a new piece of legislation or something that is to help position the post-Brexit UK within the European and global markets, this is not quite the case. GDPR has been on the radar since May 2016 and we have been assisting a number of clients and organisations since that date.
Although the eye-watering fines are always likely to attract the headlines, rather than shut the doors now, all businesses need to be taking some sensible steps: first identifying the gaps and risks within their current data protection procedures, then working out what remedial action is necessary.
This is not an IT issue. This is not something that can be sorted by buying a policy off the shelf. This needs buy-in from the owners of the business and involves a very frank audit and review of the data being collected, to understand and record:
- why that data is being collected,
- where the data is being stored,
- who can access the data,
- how long the data is being retained for, and
- what security measures are in place to protect that data.
Whilst only mandatory for those businesses with more than 250 employees, we recommend that all businesses should consider appointing a Data Protection Officer, which is someone who has overall control, not just for managing the journey towards compliance by 25 May 2018, but for staff updates, for staff training and for the ongoing annual audit.
Our Data Protection team is taken from our Corporate and Employment Departments and has been working in conjunction with a number of organisations and clients. To help you with your first step, we have pulled together a questionnaire. We would be happy to discuss with you the outcome of your questionnaire, so feel free to contact either Graham Millar firstname.lastname@example.org or John Kielski email@example.com within the Data Protection Team.