General Data Protection Regulation (GDPR)

Tuesday, January 23 2018

Did you know you could be fined up to €20 million (or 4% of turnover if less) if you don't comply with the new regulations after May 2018?

This applies to all UK businesses and will NOT be affected by Brexit.  GDPR will supersede the current Data Protection Act!

What does GDPR do?

Although large and complex, it can be summarised as "designed to protect the data of EU citizens and residents, wherever stored", but what does that mean in reality?

All businesses will have to demonstrate how they are complying with these new regulations...so you only have a few months to get systems in place!

Don't forget, this is not just electronic data, it includes all paperwork and files kept by the business (either in the office or in storage). 

What does this mean for my business? 

You will need to identify:


You will also need to establish policies for handling, processing and retaining data in order to demonstrate compliance.

Personal data

Individuals will have rights to be forgotten with all data pertaining to them being deleted, where legislation allows.  This is why organisations need to be able to quantify what they hold, where it is held (location and format) and who has access to it.  Systems need to be implemented allowing personal data, held in both electronic and paper form, to be located and deleted across the organisation.

What should I do next?

Carry out a review of your processes and policies, but bear in mind this should be relevant to the size, complexity and type of business and more importantly, the data you collect.  

For example, a chemist, doctor's surgery or dentist with turnover of £0.5m may collect a lot of personal data and, as a result, their GDPR policies and systems may need to be far more complex than those of a manufacturer with turnover of £50m!

Where can I get more information?

While we are not data experts and cannot, therefore, perform your data reviews for you, there is good information available at www.ico.org.uk.  We also have a GDPR guide for electronic systems from ICAEW - please email Ian Smith at iansmith@ryecroft-glenton.co.uk for a copy.

Next month we will expand on the review process, identifying data (especially personal), the systems needed to notify breaches in security and other GDPR requirements.

 

About Us

Ryecroft Glenton, founded 1901, is an independent, award-winning firm of Chartered Accountants and strategic business advisers giving personalised support to every one of our clients.
