Apr 2018
What Exactly Is The GDPR?
GDPR stands for General Data Protection Regulation. It is a new European-wide data protection law that is due to come into effect on the 25th of May 2018. It applies to all businesses in the UK, including the self-employed that are currently affected by the Data Protection Act of 1998.
If you are dealing with data from individuals from the European Union then it will apply to you as well. There are some exemptions for businesses with fewer than 250 employees. Since 1998 there have been many technological changes, and the amount of data we use has gone up exponentially and continues to grow.
The new law came about to improve the existing Data Protection Act, making it relevant to current times so our data can be safer and we can have more control over it. It also aims to establish a unified set of data protection rules across the member states of the European Union.
GDPR aims to protect individuals' information by making companies more responsible for how they handle the data they collect. This includes data about employees, clients, and suppliers as well. There are fines of up to £17 million or 4% of turnover (whichever is greater) for those who fail to comply with the new regulations.
Even though the UK is due to leave the European Union in 2019, UK businesses will still have to comply with the new laws from when they are implemented in May. It is widely believed that the GDPR law will become UK law after the transition period.
So What Steps Can You Take To Ensure That You Are Compliant?
If you are self-employed or run a small business, here are a few things you can do to get ready for GDPR:
1. Go to the Information Commissioner's Office (ICO) website.
On the site, you can get an overview of what GDPR is and how it will affect you and your business going forward. Here is the link:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
2. Put a system in place.
If you are self-employed, you are likely to be the point of contact for all GDPR activities, including compliance, monitoring and answering any related queries. Try to put a plan together that is based on the GDPR’s directives. Make sure to include a way to find out if your data has been compromised, so you can notify the relevant authorities within the required time span. You can reduce the chances of data breaches by having adequate data security measures in place, both online and offline.
3. Get any necessary consent.
One of the key requirements of the new law is that of consent. In certain situations, you are required to have clear and specific consent from individuals that shows that they are OK with how you intend to handle their data.
With about a month to go before the new law comes into place, it makes sense to go through the process of making sure your business is compliant now. Many of the laws from the GDPR are similar to the current Data Protection Act, so there is a good chance you are already following some of the processes, but there might be a few changes that you will need to make so as to be fully compliant.
If you are not already managing your data according to the Data Protection Act 1998 standards then it may be a good idea to seek professional advice from an expert who knows about GDPR, to help you get compliant before the deadline.