{"id":4407,"date":"2017-08-01T15:02:51","date_gmt":"2017-08-01T15:02:51","guid":{"rendered":"https:\/\/www.networkportfolio.co.uk\/edwardsinsurance.co.uk?p=2732"},"modified":"2019-12-12T12:39:28","modified_gmt":"2019-12-12T12:39:28","slug":"preparing-business-gdpr","status":"publish","type":"post","link":"https:\/\/www.networkportfolio.co.uk\/edwardsinsurance.co.uk\/charity\/preparing-business-gdpr\/","title":{"rendered":"Preparing your Business for the GDPR"},"content":{"rendered":"<p>The General Data Protection Regulation (GDPR) is a&nbsp;new piece of EU regulation intended to strengthen and unify data protection. It introduces new requirements for those processing personal data, as well as tougher penalties for data breaches.<\/p>\n<p>Any business which controls or processes personal data needs to be aware of the changes and prepare before it replaces current data laws.<\/p>\n<p>Similar to the Data Protection Act (DPA), the GDPR places significantly more legal liability on those maintaining records of personal data and processing activities if they are responsible for a breach.<\/p>\n<p>The law will apply in the UK from&nbsp;<strong>25 May 2018<\/strong>. 
It will be implemented here despite Britain\u2019s exit from the EU, as we will not have departed by the time it applies, and any future policies may well be based on it.<\/p>\n<p><strong>A snapshot of the changes:<\/strong><\/p>\n<ul>\n<li>Maximum fines for serious breaches could rise to as much as \u20ac20m or 4% of annual turnover, whichever is greater<\/li>\n<li>A requirement to report data breaches to the ICO within 72 hours<\/li>\n<li>A wider definition of personal data to reflect evolving technology<\/li>\n<li>Mandatory appointment of a Data Protection Officer<\/li>\n<\/ul>\n<p><strong>The Information Commissioner\u2019s Office recommends 12 steps your business can take now\u2026<\/strong><\/p>\n<ol>\n<li><strong>Awareness<br \/>\n<\/strong>Make sure key decision makers in your organisation are aware of the changing law<\/li>\n<\/ol>\n<ol start=\"2\">\n<li><strong>Information you hold<br \/>\n<\/strong>Document what personal data you hold, where it came from and who it is shared with<\/li>\n<\/ol>\n<ol start=\"3\">\n<li><strong>Communicating privacy information<br \/>\n<\/strong>Review your current privacy notices and plan a timeframe to make any necessary changes<\/li>\n<\/ol>\n<ol start=\"4\">\n<li><strong>Individuals\u2019 rights<br \/>\n<\/strong>Check your procedures to ensure they cover all the rights individuals have, e.g. 
how you would delete personal data or provide data electronically<\/li>\n<\/ol>\n<ol start=\"5\">\n<li><strong>Subject access requests<br \/>\n<\/strong>Plan how you will handle requests within the new timescales<\/li>\n<\/ol>\n<ol start=\"6\">\n<li><strong>Legal basis for processing personal data<br \/>\n<\/strong>Identify your legal basis for carrying out any data processing you do<\/li>\n<\/ol>\n<ol start=\"7\">\n<li><strong>Consent<br \/>\n<\/strong>Review how you currently seek, obtain and record consent<\/li>\n<\/ol>\n<ol start=\"8\">\n<li><strong>Children<br \/>\n<\/strong>Think about putting systems in place to verify individuals\u2019 ages and gather parental\/guardian consent for data processing<\/li>\n<\/ol>\n<ol start=\"9\">\n<li><strong>Data breaches<br \/>\n<\/strong>Make sure all staff are aware of the correct procedures to detect, report and investigate a data breach<\/li>\n<\/ol>\n<ol start=\"10\">\n<li><strong>Data Protection by Design and Data Protection Impact Assessments<br \/>\n<\/strong>Familiarise yourself with the guidance the ICO has produced on Privacy Impact Assessments<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>The General Data Protection Regulation (GDPR) is a&nbsp;new piece of EU regulation intended to strengthen and unify data protection. It introduces new requirements for those processing personal data, as well as tougher penalties for data breaches. 
Any business which controls or processes personal data needs to be aware of the changes and prepare before it [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":3079,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[187],"tags":[291,111,121,289,290],"acf":{"related_articles":{"1_select":false,"2_select":false,"3_select":false}},"_links":{"self":[{"href":"https:\/\/www.networkportfolio.co.uk\/edwardsinsurance.co.uk\/wp-json\/wp\/v2\/posts\/4407"}],"collection":[{"href":"https:\/\/www.networkportfolio.co.uk\/edwardsinsurance.co.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.networkportfolio.co.uk\/edwardsinsurance.co.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.networkportfolio.co.uk\/edwardsinsurance.co.uk\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.networkportfolio.co.uk\/edwardsinsurance.co.uk\/wp-json\/wp\/v2\/comments?post=4407"}],"version-history":[{"count":1,"href":"https:\/\/www.networkportfolio.co.uk\/edwardsinsurance.co.uk\/wp-json\/wp\/v2\/posts\/4407\/revisions"}],"predecessor-version":[{"id":5731,"href":"https:\/\/www.networkportfolio.co.uk\/edwardsinsurance.co.uk\/wp-json\/wp\/v2\/posts\/4407\/revisions\/5731"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.networkportfolio.co.uk\/edwardsinsurance.co.uk\/wp-json\/wp\/v2\/media\/3079"}],"wp:attachment":[{"href":"https:\/\/www.networkportfolio.co.uk\/edwardsinsurance.co.uk\/wp-json\/wp\/v2\/media?parent=4407"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.networkportfolio.co.uk\/edwardsinsurance.co.uk\/wp-json\/wp\/v2\/categories?post=4407"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.networkportfolio.co.uk\/edwardsinsurance.co.uk\/wp-json\/wp\/v2\/tags?post=4407"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}