A Guide to GDPR
The General Data Protection Regulations give individuals control over personal data. The legislation was introduced to show businesses how to think seriously about personal data, how it is managed, stored and therefore ultimately used.
GDPR comes with harsh penalties for those who do not comply. Companies found guilty of misusing data can be fined heavily, with fines up to 4% of turnover.
The Courts take a strict approach to GDPR compliance; with individuals being able to claim compensation as a consequence of breaches.
To save your business from heavy fines and legal costs, it is important to be compliant from the first instance.
GDPR Controllers and Processors
GDPR is wide reaching and impacts all aspects of business from customers and employees to suppliers and third parties. It is necessary to have a Privacy Notice in place and appropriate contractual provisions.
GDPR applies to both controllers and processors of personal data. Your obligations vary, depending upon whether you are a processor or controller of personal data. In short, a controller decides the purpose of the data processing, whilst the processor actually processes the data.
Both controllers and processors can be claimed against for compensation and damages.
If you are unclear of your obligations in any way, appoint an expert to clarify your role.
Lawful Use of Data
Data ranges from contact information; telephone numbers and emails, to more sensitive information such as medical history.
A Business must have a legitimate reason to store and use data. There are 6 lawful reasons to process data:
- Contractual obligations
- Legal obligation
- Vital interests
- Public interest
- Legitimate interest
Do all businesses must comply with GDPR?
In short yes. GDPR applies to all organisations who hold any form of data. Even small businesses who may only hold limited data such as a contact number technically need to comply.
The data protection laws are complex and what steps you need to take will depend on the nature of the business. The obligation to comply with GDPR is continuous, and there is no short or simple answer. If you are unsure on your own business situation then seek a professional partner to provide legally accurate advice.
Have you any questions?
Here at Yorkshire Powerhouse, we’re happy to help as much as possible – is there anything else we can do to help you, do you have any further questions or can we help introduce you to an expert – please let us know: