General Data Protection Regulation (GDPR)
Is your practice ready for the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018?
In a statement of intent, the UK government has committed to updating and strengthening data protection laws through a new Data Protection Bill. It is currently working its way through Parliament and the House of Lords to become law. It is designed to provide everyone with the confidence that their data will be managed securely and safely.
Under the plans, individuals will have more control over their data by having the right to be forgotten and to ask for their personal data to be erased. The reliance on default opt-out or pre-selected ‘tick boxes’ to give consent for organisations to collect personal data will no longer be permitted.
The data protection regulator, the Information Commissioner’s Office (ICO), will be given more power to defend consumer interests and issue higher fines, of up to £17 million or 4 per cent of global turnover, in cases of the most serious data breaches. It has published 12 steps to help businesses prepare for GDPR.
The Data Protection Bill will:
- Make it simpler to withdraw consent for the use of personal data
- Allow people to ask for their personal data held by companies to be erased
- Enable parents and guardians to give consent for their child’s data to be used
- Require ‘explicit’ consent for processing sensitive personal data
- Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
- Update and strengthen data protection law to reflect the changing nature and scope of the digital economy
- Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them
- Make it easier for customers to move data between service providers
Our GDPR Compliance & partners
BTCSoftware is helping accountancy firms comply with GDPR, which comes into force on 25 May 2018. There are multiple criteria to satisfy, and organisations of all shapes and sizes are advised to start preparing sooner rather than later.
Irrespective of your organisation’s size, you will be obliged to comply with GDPR come 25 May 2018.
As well as notifying your staff and clients, make sure you decide how you will audit your current systems and the types of data to see if they will comply with the GDPR. If you haven’t already, assign roles and responsibilities within your team, such as Data Controller, Data Processor, etc.
BTCSoftware is here to help you along the way, and we have compiled a helpful document to ensure your practice is compliant with GDPR.