Our Partner, Clarion Solicitors, ran a Training Seminar for our members on 30th Jan on GDPR which comes into force on 25th May this year. It was attended by approx 30 members and a few guests and it was a lively debate. I will try to summarise some of the points of what is a big, important piece of legislation but you must take professional advice and not rely on me.
It has taken 7 years to prepare with input from all 28 member states of the EU including us; how on earth are we going to produce such top quality work on our own after Brexit.
GDPR will have direct effect and will be implemented regardless of Brexit. It places more obligations on business and more protection for consumers.
The people involved are Data Subject i.e individuals, Personal Data, Data Controllers such as employers, banks, gaming networks and online shops and Date Processors such as payroll providers, credit checkers, hosted data centres and couriers.
Justifications for Processing
Consent must be freely given, specific, informed and unambiguous. Consent must be positive; it is not effective if reliant on silence, inactivity or pre-ticked boxes. If consent for direct marketing is required, a right to object should be brought to the data subject’s attention.
Legitimate Interest, it is in your business interest to use personal data and the individual expects this usage.
Fulfillment of Contract
Manage Your Compliance
Identify the personal data held in your business. Minimise the personal data you hold. Give someone the role of managing Data Protection issues. Introduce policies to reduce obvious risks, and keep a record of all key GDPR decisions.
Prepare for when individuals exercise their rights. Create internal guidelines so you know what to do when you get a request or complaint. Don’t mis deadlines or fail to comply with requests. Have one person in your business nominated to deal with all GDPR requests.
Chris Rabbit of Rabb-IT, a member of Connect Yorkshire, concluded the seminar with some tips about how to implement GDPR.