The General Data Protection Regulation (GDPR) comes into force in the UK on 25 May 2018. An evolution of existing data protection legislation, GDPR will introduce some significant changes to the current regime – and with non-compliance leading to potential fines of up to €20 million, businesses must take these changes seriously.
GDPR affects all organisations, so it is vital that you are aware of your obligations. Essentially, if you handle personal data, that data must be ‘fit for purpose’. For most businesses, this data centres on information about employees and information about customers and potential customers.
To be ready for GDPR, the actions your organisation needs to take depend on the data you hold. You need to understand how it has been gathered and stored and how it is being used, and identify the risks and any gaps in your compliance. For most businesses it will mean activities right across the organisation, including reviewing policies and procedures, updating contracts and training staff.
With specialist lawyers across our employment and HR, commercial and litigation departments, the Napthens’ team can help you meet your GDPR responsibilities in key areas including:
Guidance on company data audits
Providing new policies / updating existing policies to meet new requirements
Drafting and amending terms and conditions with clients / suppliers
Guidance on privacy notices
Advice on supply chain data issues
Training of Data Protection Officers (DPOs), senior managers and staff on specific GDPR obligations