Consensus HR

Your outsourced HR department.

Preparing for the General Data Protection Regulation (GDPR)

Published in Employment Law

With the date rapidly approaching, we thought it best to write a more detailed General Data Protection Regulation (GDPR) blog so that everybody is ready for its arrival on 25 May 2018 and companies have had the opportunity to prepare properly.

This blog details the 12 steps companies should take now and has been written using the information provided by the Information Commissioner's Office (ICO).

Matthew from Consensus HR comments “Businesses need to ensure that they are fully prepared for this new piece of legislation as in the past penalties were very rarely enforced but this is about to change from May 2018 with high penalties.”

Increased penalties under the GDPR

When the EU General Data Protection Regulation (GDPR) is enforced from 25 May 2018, breached organisations will find the fines they face increasing dramatically.

From a theoretical maximum of £500,000 that the ICO could levy (in practice, the ICO has never issued a penalty higher than £400,000), penalties will reach an upper limit of €20 million or 4% of annual global turnover – whichever is higher.

For many businesses, the threat of insolvency or even closure as a result of GDPR penalties will soon be very real.

Five months is not long to bring an organisation – especially a larger one – to a state of compliance with the new law, which is why it’s essential to prepare now.

12 steps to take now

  1. Awareness
  2. Information
  3. Communicating
  4. Individuals' rights
  5. Subject access requests
  6. Lawful basis for processing personal data
  7. Consent
  8. Children
  9. Data breaches
  10. Data Protection by Design and Data Protection Impact Assessments
  11. Data Protection Officers
  12. International


Our previous blog gives more details – The Arrival of the new General Data Protection Regulations (GDPR)