The summer of athletic games, with all its unexpected results, is quickly fading into a distant memory, but a new race is looming. This is a race that businesses and organisations can ill afford to miss, as missing it may carry criminal consequences, significant financial consequences, or both. The Government has finally published a statement of intent confirming its commitment to overhaul our current data protection laws and to incorporate into what remains of them the European General Data Protection Regulation (GDPR) and the corresponding Data Protection Law Enforcement Directive (DPLED) by 25 May 2018.
Will GDPR apply to SMEs?
GDPR affects any business or organisation that collects, shares or processes personal data and operates within the EU. Personal data in its broadest sense means any data that enables you to identify a living person. So, for example, personal data would include minutes taken at a disciplinary hearing or emails which refer to an employee by name. Under the new law the definition of personal data will be widened to also include IP addresses, internet cookies and DNA, as in our new digital age this type of data can clearly also be used to identify living individuals.
What are the consequences if I just ignore GDPR?
GDPR will be policed by the Information Commissioner’s Office (ICO), and its regulatory powers have been significantly enhanced to ensure compliance. Any business choosing to ignore the new laws will run the risk of the ICO flexing its new muscles by imposing regulatory fines of up to 4% of gross global turnover or £17 million. Regardless of the size of your business or whether you trade exclusively within the British borders, with eye-watering consequences like these it’s probably not a good idea to bury your head in the sand.
How do you ensure you are ready for GDPR?
So the clock is ticking to be ready for GDPR. We reported here that the Information Commissioner’s Office had issued a guide for SMEs to help them prepare for GDPR. This guide is still very relevant and worth a look, if you have not done so already. Here are a few practical reminders of the steps you could take:
- Carry out a critical analysis of what data you process within the business and consider whether it relates to living identifiable individuals in the EU,
- Review all your current data consents and determine if you are seeking appropriate levels of consent,
- Hold training with staff and raise their awareness of the new data protection laws and financial consequences of non-compliance.
If you would like to discuss how to prepare for GDPR, contact the LHS team for expert advice.
You're on our blog and updates site, which is hosted by elXtr, a leading online legal information service owned by LHS Solicitors LLP.
“The ICO is committed to assisting businesses and public bodies to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. We acknowledge that there may still be questions about how the GDPR would apply in the UK on leaving the EU, but this should not distract from the important task of compliance with the GDPR.”