The General Data Protection Regulation race is on and clubs will have to comply. In the first of a series of articles on this tricky subject, Joanne Bone, of employment law specialists Irwin Mitchell, outlines what will happen in 2018...

We all know we have a duty to protect the personal data of our customers and clients. But the way in which businesses process data is changing significantly. Time is running out to get up to speed with the new rules, and the penalties for non-compliance are potentially huge.

All businesses that use personal data have until May 25 next year to make sure they are adhering to the new General Data Protection Regulation (GDPR) legislation. Those who don't comply could be punished with fines of up to €20 million, or 4% of annual worldwide turnover, whichever is larger.

Don't expect Brexit to make a difference, either. Even though the GDPR is European legislation, the Government has confirmed it will still be implemented. So the clock is now ticking for businesses to ensure they are ready ahead of the May 25 deadline.

GDPR will apply to ALL businesses that process personal data (information about individuals), and it will affect those firms more than they might have first thought. In a YouGov survey for Irwin Mitchell, of the 2,129 senior decision makers within business who took part, only 38% were aware of the new GDPR rules. Over a third believed it was not an issue for the sector they work in. There is a perception that it will only apply to consumers. But it has a far wider application than that: it also applies to the use of personal data in HR and IT, as well as in a business context if, for example, you deal with any suppliers or customers who are sole traders or partnerships.

It's not all doom and gloom. You can use your compliance to build trust and confidence with your customers and clients. If you get the right permissions, you can also shape your offering to clients and take advantage of Big Data, making your data work for your business. It could possibly even save, or make, your business money.

What are the key changes that are going to be introduced?

Compulsory notification of data breaches

Data breaches which impact on privacy will have to be notified to the Information Commissioner's Office and to the individuals affected within 72 hours of the breach happening. Breaches can range from a customer database being hacked to putting a letter in the wrong envelope. You will need to monitor your systems to know whether or not there has been a breach.

Consent

Businesses will need to ensure that any consents are compliant and refreshed appropriately. Consents must be explicit and freely given. Each purpose needs a separate consent, and individuals must be given simple, easy-to-access ways to withdraw their consent at any time. Recent draft guidance issued by the ICO indicates they will take a hard line with consent...