It has become increasingly apparent through conversations with clients and businesses in many different fields that there is both a misunderstanding of GDPR and its compliance, as well as a staggering number of people who still have not heard about GDPR or started planning for it.
If you fall into the latter, GDPR stands for the General Data Protection Regulation. The legislation is to replace the aged Data Protection Act and give all countries in the European Union a common data protection law. The major aim of GDPR was to give individuals control over their data again, as it has long been felt that, with the internet boom, individuals had lost touch with their data.
What do you need to do?
Well, in essence that depends. If you're an individual, then you can relax knowing that this legislation is putting you back in control of your data. Simpson Wood are working with the legislation to ensure that the data we hold about you is necessary, accurate and, most importantly, safe. You may see some communications from us in the coming months asking you to update us with the best contact details and inviting you to sign up for our secure portal for communications and transmission of sensitive documents such as tax returns.
However, if you own or manage a company that holds personal information about individual people (which may just be a CV containing information on job candidates), it would be wise to start looking at the GDPR legislation to see what you need to do. We would recommend that decisions are made at board level, with one person appointed to oversee the GDPR process for your company.
What are the major changes?
Firstly, the legislation has defined the term data processing to include the storage of data, so if your company holds data about an individual, then you are processing data and must comply with the regulation. Note that local law overrides the GDPR for data retention: accounting records must be kept by law for 6 years, whilst payroll data must be kept for 3 years plus the current tax year.
The GDPR has made a few waves within marketing departments, and as such individuals must now specifically opt in to receive marketing. If they haven't requested your marketing via email, post, SMS or phone call, you could be breaching the GDPR legislation.
Alongside the above, there are a host of changes placing certain data into special categories (such as sensitive medical data) and governing the practices relating to the storage of this data. The GDPR covers much more than the points made above, so if all of this is unfamiliar to you, we would point you to the ICO website as a starting point.
Simpson Wood is committed to ensuring that your data is stored safely and securely. If you wish to update the details we hold on you, please feel free to get in touch.
Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining the advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients' business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted scope. Simpson Wood Ltd does not provide legal advice that will ensure that clients are in compliance with the GDPR.