Boddy Matthews
Solicitors

 
 

GDPR – Are You Ready?

 

As you will no doubt be aware, new data protection laws (in the form of the General Data Protection Regulation, or GDPR) come into force on 25 May 2018. See below for our insights on the GDPR, the effects it will have on your business and the actions you should be taking to ensure compliance.

 

We will be updating this page regularly, adding our top tips together with other useful nuggets of information to enable you to understand the basics of the GDPR and how to comply. If you require bespoke internal training on the forthcoming changes, please call your usual Boddy Matthews contact or email us at info@boddymatthews.com.

 



Back to Basics

 

 

The GDPR is an update to existing data protection laws which strengthens individuals’ rights to control how their data is used. In a digital age where data has become a precious commodity, it will ensure that businesses are more transparent and provide clarity on how and why they use, store and transfer personal data.

 


Yes, the GDPR will apply to all businesses that process, store, collect, or control personal data; in essence all businesses will be caught by the GDPR. All businesses process personal data in some shape or form. It will apply to all organisations established in the European Union (the EU). It will also apply to those organisations based outside the EU but which process the data of EU data subjects.

 


We will be looking at some of these changes in more detail and their practical implications before 25 May 2018. However, the key changes introduced by the GDPR can be summarised as follows:

  • Accountability and demonstrating compliance are at the heart of the GDPR
  • Increased and/or new rights for data subjects
  • Processors and controllers caught by GDPR
  • Appointment of a Data Protection Officer (DPO)
  • 72-hour breach notification
  • More data is caught within personal data definition
  • Higher bar for lawful processing and obtaining consent
  • Tougher sanctions

 



What do I need to do?


The first 3 steps you should take immediately to help you comply with the GDPR are:

    1. Carry out an internal data audit to establish the following, amongst others:
        • what personal data you hold
        • where the data came from
        • where the data is held
        • if third parties have access to that data
        • how that data is kept secure.
    2. Identify the basis under which you process personal data:
        • Do you have a lawful basis for processing that data?
        • Do you rely on consent? If so, how was this consent obtained? Will this consent be valid under the GDPR?
    3. Review the format and content of your current privacy notices:



  


 
     
 

Office Address

 

Boddy Matthews Limited
7-11 High Street
Reigate, Surrey
RH2 9AA

 

Contact

 

+44 (0) 1737 339838 info@boddymatthews.com
