You’ve hopefully heard about GDPR (the General Data Protection Regulation).
In short, it’s a huge update to the 1998 Data Protection Act, designed to give people more control over their data.
It will come into force on 25 May 2018, after which most processing of personal data by organisations will have to comply with the Regulation. Here’s a brief Q&A we’ve put together to help you decide if your firm needs to know what’s going on.
What is personal data?
Any information relating to an identifiable person – names, dates of birth, email addresses and other contact details, purchase history.
What is ‘processing’?
‘Processing’ may sound technical, but it just refers to any handling or storage of personal data.
Does it only apply online?
No. It applies to all personal data, whether it’s stored in a sophisticated database or written on 6×4 index cards and kept in your desk drawer.
Are small firms exempt?
No. All firms must comply with GDPR regardless of size.
Will it affect my business?
That’s the bottom line on GDPR.
If you employ staff or have customers, then you will be responsible for personal data and will need to comply with GDPR’s requirements.
Frankly, there’s quite a lot to think about, but it’s important that you do. Rather than write a long article here about it, we’ve gathered some useful links, resources, notes and definitions for you.
We are also keenly aware of our role as a data processor for your organisation. That puts obligations upon both of us, and so we have prepared a GDPR statement about our roles and responsibilities in this regard.
GDPR can seem pretty daunting. If you’d prefer to just talk through it, request a call back, email or call us and we can arrange an appointment to give you more information and discuss where we can help.