Let Edwards & Co. expertly guide you through your transition to GDPR compliance.
The way in which the world uses information has changed beyond compare since the enactment of the Data Protection Act in 1998. The number of different media used for information exchange today, as well as the actual volume exchanged, is almost more than can be comprehended. The General Data Protection Regulation has been introduced as legislation fit for purpose in this new era.
There are significant changes, not least the very sizeable fines for breaches, currently capped at €20 million or 4% of annual turnover. There are new obligations in relation to obtaining the consent of a data subject, a requirement to show best efforts to comply and new liability attached to data processors rather than just data controllers. However, Elizabeth Denham, the Information Commissioner, has stated that the new legislation is “an evolution, not a revolution”. In other words, the GDPR does not represent a seismic shift in data protection legislation but rather an improvement to allow for the proper regulation of data use.
The GDPR has been part of UK domestic law since May 2016 but it will only be enforced by the Information Commissioner’s Office (ICO) from 25th May 2018. Sole traders, businesses of all shapes and sizes and all organisations (both public & private) will be obliged to comply with the regulation from that date.
Edwards & Co. can conduct an audit of your compliance with GDPR, draft your data protection policies, provide essential staff training and provide advice in relation to Data Protection Agreements you may be entering into as either a Data Controller or Processor.
As stated above we are nearing the end of the 2 year “grace period” allowed to get our house in order; the time to act is now!
To access official guidance produced by the ICO please click here.