The General Data Protection Regulation (GDPR)
Data protection laws have changed, with the new rules coming into force on 25th May 2018. In the UK, the main data protection laws are the UK General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018. All UK businesses need to take care when processing staff or customer personal data and must be aware of their data protection responsibilities and obligations. Creating GDPR-compliant documents helps organisations to comply with their legal obligations. Businesses that do not comply with the GDPR and DPA will be subject to significant fines.
The Federation of Small Businesses (FSB) claims that SMEs are now more likely to be targeted by cybercriminals than their large corporate counterparts, and that cybercriminals consider SMEs softer targets. The GDPR is considered a necessity for the protection of data in a modern internet-based society. It is also a chance to take a fresh look at your data security, as data breaches may impact on your business reputation.
Businesses should review their existing data and delete any that they do not have a valid reason to hold. The GDPR sets out the legal bases available for processing personal data, such as needing it to perform a business contract. Businesses should review what data they hold, whether they have consent for it, and whether they need to keep it. Data should be kept secure, and this will require a review of current practices to prevent data breaches.