February 5, 2018
Whether you’re (i) bored to death of being bombarded with emails regarding the European Union’s General Data Protection Regulation (GDPR); or (ii) scared to death at the extension of powers of the Information Commissioner’s Office (ICO), who will be able to impose fines of up to €20 million or 4% of annual worldwide turnover; or (iii) oblivious to the above, the clock is ticking and businesses now need to take action.
The aim of the new laws on data protection is to ensure that personal data is protected and may only be processed (that is, obtained, recorded, held, used or disclosed) under certain circumstances.
The onus will be on the management within any business to ensure it can demonstrate compliance with the new accountability principle contained in the GDPR.
Businesses need to undertake the following steps:
- Audit the data held, i.e. what information you hold, how it was obtained, who has access to it, what it is used for and how long it has been held; do you still need it?
- Identify on what lawful basis the data is held; for example, do you have consent? Note that implied consent through an opt-out will not be sufficient under the GDPR. Express consent will be required if you have no other lawful basis.
- Update/implement internal policies regarding data processing and ensure that all staff are trained.
- Review existing privacy notices, data protection policies and both supplier and customer contracts to ensure they will be GDPR compliant.
- Review your IT infrastructure and capability for erasing or rectifying data. Access request fees are going and individuals will have the right to be “forgotten”.
- Consider how secure your system is and devise a plan for security breaches, disaster recovery and data restoration. Notification of a breach will need to be made to the ICO within 72 hours.
- Consider appointing a data protection officer.
- Introduce regular checks and training to monitor ongoing compliance.
There is a lot to do before 25th May 2018 but if businesses undertake the above steps they should be GDPR compliant in time.
If you need some assistance with your data protection policies, privacy notices and updating supplier or customer contracts then please contact Susan Jennings at saj@furleypage.co.uk or Jamie Bourne at jab@furleypage.co.uk