Hot Topic

GDPR what it means for you

On 25 May 2018, the new General Data Protection Regulation (GDPR) will come into force. Information Commissioner’s Office (ICO) guidance confirms that a lack of knowledge will not be deemed an acceptable excuse for not complying with the new law.

The GDPR replaces the existing Data Protection Act (DPA) 1998, and governs how individuals’ personal data is managed. It applies to all businesses in the EU. Even though the UK will be leaving the EU, this will not affect the commencement of the GDPR, which is set to be placed into UK law post-Brexit.

The GDPR is needed due to developments in internet and cloud technologies. There are now many ways to collect and store personal data. New measures are therefore required to ensure personal data is kept safe, and is only kept for legitimate purposes. All businesses, small and large, will be required to comply with the GDPR.

The key principles of the GDPR

There are several key areas that you need to be aware of based on the fundamental principles of the GDPR.

The GDPR places a strong emphasis on accountability and transparency, and holds businesses accountable for safeguarding the collection, usage and storage of a client’s personal data. If you use third-party software such as payroll and accounts packages, you will need to ensure these systems are GDPR compliant.

Businesses already compliant with the DPA will need to supply evidence of their compliance with the new GDPR. Businesses are required to identify a lawful basis for processing clients’ personal data: this must be processed fairly and accurately, and be kept in a form which permits the identification of data subjects for no longer than is necessary.

You will need to ensure that your members of staff are aware of the new GDPR rules, and that you provide them with thorough training ahead of the 25 May introduction date.

Ensure you have adequate procedures to prevent data breaches

Finally, businesses are advised to make sure that they have detailed procedures in place to detect, report and investigate a personal data breach. Certain data breaches will need to be reported to the ICO.

Penalties for non-compliance

Failing to prevent a data breach can result in fines of up to 4% of total annual worldwide revenue, or up to €20 million, whichever is the greater.

Further guidance in relation to complying with the GDPR requirements can be found on the ICO website.

© 2018 DPC Accountants. All rights reserved.