Your GDPR Questions Answered

20th February 2018

Your GDPR Questions Answered

Unless, in recent weeks, you’ve been in entrenched in deepest, darkest jungle out of the reach of Wi-Fi you can’t fail to have heard about GDPR. So before we go any further let’s be clear on what GDPR is and try and give you some info on what you need to know about GDPR. Here are your GDPR questions answered.

The General Data Protection Regulation (Regulation (EU) 2016/679) is a regulation that the European Parliament, the Council of the European Union (EU) and the European Commission will use to strengthen and unite data protection for all EU individuals. Good news for our individual privacy. But not so fab for the small and micro-business owner. Because make no mistake: doing nothing is NOT an option. Whether you have a big turnover or you make a few hundred pounds a month from your spare bedroom – it makes no difference. These new regulations apply to you. By the 25th of May 2018 you have to be GDPR compliant. So put it in your diary!

 What we have now: the Data Protection Act (DPA)

Under the Data Protection Act of 1998 you are considered compliant with regulations unless you’re found not to be. A bit like how the UK legal system assumes you innocent until proven guilty. With GDPR though you must overtly be seen as compliant. There’s no room even for reasonable doubt.

Why are the regulations changing?

Your GDPR questions answered

It’s a good question.

Our data is being used in ways that the old DPA couldn’t foresee: social media one prime example. As a result, the EU has worked for four years now to bring data protection legislation into line with these modern ways of using said data. At the moment, the UK relies on the 1998 Data Protection Act – and that came into being on the heels of a 1995 EU data protection directive.  The new legislation supersedes that.

What will the new legislation do?

In a nutshell:

  • GDPR has the power to impose tougher fines for breaches and non-compliance.
  • It gives individuals more say over what companies – of all sizes – can use their data for. It also brings in a level of standardisation to data protection rules throughout the EU.

When will GDPR come into force?

25th May 2018 marks GDPR day. From that day forth the legislation will apply in all EU member states. GDPR is a regulation not a directive. This means that the UK doesn’t have to draw up new legislation – rather it will apply automatically.

GDPR for the small business  – here are your GDPR questions answered

Having got to grips with what GDPR is and the fact that no one is exempt from it, the next two most important things to remember are:

  1. GDPR applies to ANY business that is in the business of processing the personal data of EU citizens. This means it also apply to data you have of companies that are based outside the EU.
  2. Brexit changes nothing. The UK government has confirmed that current Brexit negotiations will not affect the GDPR start date. Nor its immediate running. Furthermore, it’s already confirmed that, post-Brexit, either the UK’s own law, or a newly proposed data protection act, will mirror GDPR. So don’t go pinning your hopes on that as a way to avoid taking action.

UK Small Business GDPR checklist 

This article from Simply Business, What is GPDR for small business, has stacks of information – including a GDPR checklist for UK small businesses. There’s more detail in the article but here are the main points in summary:

  1. Know your data: where it is, why you have it in the first place and how long you normally keep it for
  2. Identify whether you’re relying on consent to process personal data
  3. Look hard at your security measures and policies – the chances are they will need updating.
  4. Prepare to meet subject access requests within a one-month timeframe
  5. Train your employees, and report a serious breach within 72 hours
  6. Conduct due-diligence on your supply chain.
  7. Create fair processing notices
  8. Appoint a Data Protection Officer (DPO). 

I’ll leave you with this thought:

The chances are that your inbox is flooded with training organisations offering GDPR courses. I’m reminded here of the old saying ‘A fool and his money are soon parted’. If you think doing such a course will be helpful to you that’s fine. But don’t fall into the trap of thinking it will make you GDPR compliant. It won’t.

If you feel in need of any level of advice and support with GDPR Go-Legal HR is here to help. Contact me via the web form here: Or call me on 07801 709945. If you get my answer phone leave me a message – I promise I’ll get right back to you.