by Steve Upham : altspace Coworking Office, Altrincham
The General Data Protection Regulation or GDPR will take affect from 25th May 2018 and will replace the Data Protection Act / Directive implemented in 1998. The new regulations acknowledge the immense change in the scale and management of people’s personal data and was felt to be necessary to standardise practice across European businesses. Companies in the future will need to be transparent about what they are doing with people’s data and for how long they are going to store the data. As consumers we also have new rights to assist in the management of our data.
This November Jim Phelan from Fortis Greene visited altspace in association with the Federation of Small Businesses to run through some points of interest for businesses. The new legislation is good news for individuals empowering us to be in control in who has our data and how it’s stored. However, the impact of the new GDPR is far reaching for small businesses and in this blog I’m going to attempt to summarise some of the key areas of interest from Jim’s talk. If further reading is required it would be appropriate to read up online at the EU GDPR website.
Our personal data includes anything that can be used to reference each of us including IP addresses and other links within cookies or online activity. Many companies have been harvesting these details and sharing them without our knowledge to assist in loyalty programmes and targeted marketing campaigns.
From May companies need to manage the following expectations.
- Privacy needs to implemented by design
- Organisational and technical arrangements need to be introduced so that consumers are informed on what’s being held on file about them.
- All data stored needs to completely secure. The company will be responsible for any breaches of information and could be given a substantial fine if culpable of neglecting their duties.
Some of the headline changes include ;
- Companies will be required to spell out exactly what they intend to do with data.
If your company has more than 250 staff it will require a Data Protection Officer to monitor best practice.
- Consent will be required by customers as to how they’re data is to be used. In addition a time-frame on data use will need to be highlighted.
- Right to erasure – One significant change is that from May next year an individual can request that a company erase any personal records that may be held on them.4
- Transfer of information – An individual can also request that data be transferred from one company to another. The Data Controller from the relevant company would be responsible for ensuring that this happened safely and competently.
Visit altspace for flexible office solutions, rates from £14 a day.
19-23 Stamford New Road, Altrincham, Cheshire. WA14 1BN