Autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et dolore feugait

Our top 8 tips to prepare for the GDPR

If you run a business, the GDPR will probably be on your radar by now. Although preparing for the new rules may seem like a daunting task, it doesn’t have to be. 

When it’s introduced on 25 May 2018, the GDPR will apply to all UK businesses that handle personal data. As a result, every organisation that collects, processes or stores personal data should be taking steps now to ensure it can achieve compliance. 

Here are our top 8 practical tips to get ready for the GDPR

1 – Understand your data

The GDPR requires you to give more information to individuals explaining how their data is used – you can only do this if you understand the reason why you collected and hold it in the first place

2 – Legitimate interest

If you rely on ‘legitimate interest’ as a lawful base for processing data, you need to have a specified, explicit and legitimate purpose to collect candidate data. Stop collecting data you don’t have a legitimate need for – addressing the point above should help you identify where changes can be made.

3- Consent

Review your consent practices to bring them in line with the GDPR’s standards. Many organisations are relying on consent when they don’t need to. You may need to ask for consent if you require sensitive data like disability information or cultural and genetic information.

4 – Data subject’s rights

In some circumstances, you may need to comply with the data subject’s wish to delete their own data from all systems where you store it within one month. You also need to comply with their wish to access their own data from all systems where you store it within one month.

5 – Train staff

All staff should be aware of the key changes, such as no longer being able to charge for responding to subject access requests.

6 – Assess your data

How long do you retain data for, how do you store it and how do you secure it? The GDPR doesn’t necessarily require you to change your practices on these points, but you shouldn’t hold on to personal data for longer than you need to, and it needs to be kept secure.

7 – Contracts

Amend all your data contracts. Even if they comply with the current law, they will need to meet additional requirements introduced by the GDPR.

8- Record everything

Keep records of what you are doing to prepare for the GDPR. Organisations will need to evidence their compliance with the legislation, under a new “accountability” concept included by the GDPR.

The thought of making your business GDPR compliant can be daunting, however, by ticking the above you should ensure that you are as prepared as possible for the new data protection regime. 

If you need help and advice regarding GDPR, please do not hesitate to contact me or the employment team on 0113 350 4030 or at hello@scesolicitors.co.uk.

If you would like to be kept up to date with employment law and dispute resolution updates, please subscribe to our monthly newsletter.

SCE Solicitors is a boutique employment law and dispute resolution practice based in Leeds which advises clients nationwide.  Please note that the information in this blog is to provide information of general interest in a summary manner and should not be construed as individual legal advice. Readers should consult with SCE Solicitors or other professional counsel before acting on the information contained here.

Richard Newstead
Latest posts by Richard Newstead (see all)
Richard Newstead

Richard qualified as a Legal Executive over 20 years ago and has significant experience in Employment law and Litigation. Richard acts for both employers and employees drafting and advising on settlement agreements, contracts of employment, consultancy agreements, directors service agreements and general workplace policies. He acts for commercial clients in the employment tribunal dealing with unfair dismissals, constructive dismissals and claims for discrimination.

%d bloggers like this: