Dominic Cullis from the GDPR Academy explains that, despite the scare-mongering, GDPR can be a positive benefit for your business if you are prepared.
The holding of personal data is regulated in England and Wales by the Data Protection Act 1998. This will be superseded by the General Data Protection Regulation (GDPR) when its provisions take effect on 25th May. GDPR principles are similar but include significant new obligations for organisations and grant individuals a range of new rights.
GDPR will be a positive benefit for organisations that are serious about protecting their client’s personal data.
GDPR will be policed by the Information Commissioner’s Office (ICO) in the same way that the Data Protection Act has been. Fines will increase significantly under GDPR and the maximum fine will be €20,000,000 or 4% of group annual turnover compared with £500,000 currently.
There is an informative guide to GDPR available on the ICO website to help explain the provisions of GDPR to enable firms to prepare. Training is an essential element for a business to be compliant with GDPR. Well educated personnel are less likely to make mistakes and cause a breach of personal data. eLearning is an ideal way for practice managers to ensure all staff obtain the training they require in convenient bite size chunks.
The GDPR Academy is dedicated to providing up to date information about GDPR and the Data Protection Bill currently working its way through Parliament. GDPR Academy courses combine video, animations, infographics and downloadable technical documents combined with multiple choice quizzes to ensure a topic has been successfully learned.
Conveyancing and law firms hold a vast amount of customer personal data with the nature of transactions so any data breach will be taken very seriously by the ICO. Firms must protect themselves as diligently as possible and demonstrate that they have taken all possible steps to avoid a data breach.
Firms need to identify that all personal data that they hold in relation to staff, clients, prospects and suppliers is not only secure but that it has been compiled according the GDPR regulations and that it is managed accordingly. The past ways of gathering a prospect list won’t necessarily be compliant with the new regime. Firms now needs to demonstrate good procedure, compliance and express permission from the owners of the data.
Firms must demonstrate that they have a data protection policy, including a data protection breach policy as a breach must be notified to the ICO within 72 hours of occurrence.
It is estimated that only 20% of UK businesses will be GDPR-ready at by the time the regulation comes into force in a month’s time. Good governance aids good practice and firms that are properly prepared for GDPR and best protected against cyber threats by demonstrating their compliance with policies, training and management will be able to use this governance to run their firms more smoothly and take advantage of the new regulations.
