Steps to Prepare for the GDPR
On 25 May 2018, the General Data Protection Regulation (GDPR)
comes into effect in the EU and across the United Kingdom. The GDPR replaces
the Data Protection Act (DPA) and ushers in expanded rights to individuals and
their data, and places greater obligations on businesses and other entities
that process personal data.
The GDPR’s main concepts and principles are the same as those in the DPA, so if
you are complying properly with the DPA much of your approach to compliance
will remain valid under the GDPR and can be a starting point to build from.
However, there are new elements and significant enhancements, so you will have
to do some things for the first time and some things differently.
Make sure that decision
makers and key people in your organisation are aware that the law is
changing. They need to appreciate the GDPR’s impact.
STEP 2: INFORMATION YOU HOLD
Document what personal data you hold, where it came
from and with whom you share it. You may need to organise an internal audit.
STEP 3: COMMUNICATING PRIVACY INFORMATION
Review your current privacy notices and put a plan in
place for making any necessary changes in time for GDPR implementation.
STEP 4: INDIVIDUALS’ RIGHTS
Check your procedures to ensure they cover
individuals’ rights, including how you would delete personal data or provide
data electronically in a commonly used format.
STEP 5: SUBJECT ACCESS REQUESTS
Update your procedures and plan how you will handle
requests within the new timescales and provide any additional information.
STEP 6: LAWFUL BASIS FOR PROCESSING PERSONAL DATA
Identify the lawful basis for your processing activity
in the GDPR, document it and update your privacy notice to explain it.
Review how you seek, record and manage consent, and
whether you need to make any changes. Refresh existing consents now if they
don’t meet the GDPR standard.
STEP 8: CHILDREN
Think about whether you need
to put systems in place to verify individuals’ ages and to obtain parental or
guardian consent for any data processing activity.
Make sure you have the right procedures in place to
detect, report and investigate a personal data breach.
STEP 10: DATA PROTECTION BY DESIGN AND DATA PROTECTION IMPACT
Familiarise yourself with the ICO’s code of practice
on privacy impact assessments as well as the latest guidance from the Article
29 Working Party, and figure out how and when to implement them in your
STEP 11: DATA PROTECTION
Designate someone to take responsibility for data
protection compliance and assess where this role will sit in your
organisation’s structure and governance arrangements. Consider whether you are
required to formally designate a data protection officer.
If your organisation operates in more than one EU
member state, including carrying out cross-border processing, you should
determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you.
To quantify your exposure using our checklist, contact us today at firstname.lastname@example.org or 01959 565678 for a copy.
Can Prepare for the GDPR
In less than one year, the EU General Data Protection Regulation (GDPR) will come
into force. Despite Brexit, the UK government has confirmed that it will comply
with the GDPR.
Since the GDPR will be formally adopted on 25 May 2018, your organisation should
begin taking the necessary steps, if you have not already done so. There are three
central standards to comply with:
by design—Integrate data protection before implementing any new
procedures. In addition, you should do the following:
Be transparent about the data you collect and how it
will be used.
Minimise processing personal data where possible.
Encrypt personal data so it cannot be used to identify
rights of employees—An employee has three rights:
The right to know how and why his or her personal
information is being processed.
The right to access his or her data and to have
inaccurate data corrected.
The right to be ‘forgotten’, which requires an
employer to erase personal data about an employee in certain circumstances.
To be considered accountable, an organisation must complete the following:
Appoint a data protection officer, if necessary.
Carry out privacy impact assessments.
Consult with the data protection authorities before
new data processing activities can commence.
Keep records of all its processing activities.
undertaking privacy impact assessments, reviewing your data management
processes and auditing the data your HR team stores now to ensure that you are
compliant in May 2018. If you would like to find out more about how your organisation
can stay cyber-compliant, contact Weald Insurance Brokers Limited today.
Workers Are Sad—Here’s Why
Genie, a UK business support consultancy, surveyed office workers about their
happiness in the workplace. Based upon the 200 surveyed employees, the average
score was 3.63 out of 5. The five most commonly cited reasons for unhappiness
were the following:
Feeling a lack of control over
Having a bad or poor relationship
Having a poor working environment
The survey also found that 51 per cent of employees with mental health problems
felt unsupported in the workplace. To ensure that all the employees at your
organisation are happy, consider implementing these six simple practices:
Award deserving employees a pay
Present the opportunity to earn
Offer flexible work hours.
Provide employees with the choice
to work from home.
Permit a greater degree of privacy
for your employees.
Rearrange your office to have a
more open concept.
Top Tips for Preparing Your Home for Summer
It pays to inspect your home for safety and efficiency before the summer season
fully sets in. While you can complete some of these cleaning procedures
yourself, other duties require professional help to ensure the work is
out your fridge, freezer and pantry. Take everything out,
wipe down the shelves and throw away expired food. Rearrange your food for
better organisation and cleanliness.
the garage. Seasonal items can quickly become
dusty and disorganised when not in use. Keep your garage clean and organised by
installing shelving and by hanging tools on the wall.
door and window insulation.
Make sure weather stripping sufficiently seals openings, and immediately repair
any cracks or peeling. Then, open your windows to expose your home to fresh
your roof. The roof is your
home’s first defence against heat and rain. Maintain the roof’s integrity by
hiring a roofing professional to examine its flashing, caulking and shingles.
your wardrobe closet. The
winter months may have left your summer clothes buried and wrinkly. Use this
time to rotate seasonal clothing, clean any dusty items and select old clothes
your garden. Rip out weeds and
dead plants, rake mulch and plant beds to promote oxygenation. Then, use a
lopper to trim shrubbery and overhanging trees.
In February 2016, the new guidelines
from the Sentencing Council came into force. These amendments dramatically
increased fines for corporate manslaughter, food safety and hygiene offences,
and health and safety offences. Within the first year, the number of health and
safety prosecutions against directors and officers has tripled. What’s more,
the value of the 20 highest fines in 2016 totalled £38.5 million, which was
just slightly more than all 660 successful prosecutions in 2015-16. Research
from law firm BLM shows that there has been a 148 per cent rise in the overall
amount of fines since 2015, with the average fine amount rising from £69,000 to £211,000.
These new guidelines place a much higher
burden on directors and senior managers to ensure that their organisation is
compliant with health and safety regulations. If they do not rise to meet this
responsibility, the cost is steep: the average health and safety fine is £75,000 more than the
cost of compliance, according to health and safety consultants Arinite. Yet,
steep fines are not the only deterrent for noncompliance, as it has become
increasingly likely that directors and officers could go to prison for either
intentional breaches or a flagrant disregard of their responsibilities. In 2016,
34 company directors and senior managers were prosecuted and found guilty,
resulting in 12 prison sentences.
To help your organisation avoid these
potentially debilitating fines, consider the following best practices:
Have a health and safety professional conduct
a health and safety review of your premises and policies.
Provide annual comprehensive safe work
practices training for all your employees.
However, the most beneficial practice
that your organisation can invest in is to purchase robust directors and
officers (D&O) cover that also provides run-off cover. For more
information, contact the professionals at Weald Insurance Brokers Limited