16th October 2017
What should organisations be doing in the countdown to the implementation of the GDPR
The GDPR comes into force on 25 May 2018, notwithstanding Brexit, and with it will come a new era in data management. The Information Commissioner, Elizabeth Denham, describes the GDPR as "a once in a generation change in the law". Organisations will be expected to understand and comply with the GDPR, when it comes into force next year.
Denham has announced that she plans to recruit 200 more staff to take the total number of staff employed by the Information Commissioner's Office (the UK's Regulatory body for data protection) to 700, over the next 3 years. The recruitment drive is primarily so as to deal with education and enforcement of the GDPR, the highest sanctions for non-compliance being fines of up to 4% of annual worldwide turnover of 20 million Euros.
Hewitsons LLP is currently working with clients to prepare for the GDPR and put building blocks in place to move towards an understanding of, and compliance with, the GDPR before 25 May 2018. It is important to act now in order to achieve compliance.
How Hewitsons LLP can help you with the step change being brought into effect by the GDPR
Services which we are currently offering to our clients:
- Audit - we are helping organisations to understand what personal data they are currently holding, how and why is it being processed and carrying out risk assessment to identify what technical and organisational measures are in place to keep it secure;
- Advising on organisations' websites and privacy notices, privacy policies and cookies policies;
- Putting in place data processing agreements;
- Training seminars on the GDPR;
- Putting policies in place to comply with the GDPR;
- Advising on marketing restrictions place on organisations by the GDPR and implementing plans to gain specific and informed consent of data subjects to process their personal data;
- Data protection by design and by default - organisations are expected to protect personal data and design stringent security procedures and processes to minimise the risk of data breaches;
- Assessing whether data protection offices will be required following the GDPR; and
- Advising on cross-border transfers of personal data both inside and outside the EU.
For more information on our Data Protection & Privacy services please click here.