General Data Protection Regulation (May 2018): we are ready, registered with the ICO and compliant!
Data Protection has been replaced by the General Data Protection Regulation (May 25th 2018).
If you employ people, you should be asking yourself the following questions and carrying out an audit of how you collect and handle client data. Even if you don’t employ people, you still need to look at how you yourself are taking client details.
- What data does our company hold?
- Where is this data stored? Is this place secure?
- Why are we storing this data and what are we using it for? Are all of our uses legitimate and necessary?
- Who has access to our data? Does everyone who has access genuinely need it?
- How long do we retain data for? How long do we actually need to retain it for?
- What is our lawful basis for processing data?
At present, when collecting a client’s personal data you have to give them certain information, including your identity and how you will use their information. Normally, a privacy notice is provided which explains this.
Under the GDPR it will be necessary for you to make some changes to your privacy notices, as there will be additional information you need to give your clients in order to comply with the new legislation.
Your privacy notices should already state:
- Who you are
- What you will do with the client’s information
- Who their information will be shared with
You will need to add the following things to your privacy notices, in clear, concise and easy-to-understand language:
- What your lawful basis for processing data is
- How long you will retain the client’s data for
- That your client can complain to the ICO if they believe you are not handling their data correctly