All businesses hold and use people’s personal data to varying degrees and consequently must comply with data protection regulations. The Data Protection Act 1998 has governed how this personal data can be used and how it needs to be looked after. A breach will impact on your business, attracting negative publicity as well as potential fines, and there has been a steady flow of examples where businesses have been caught out by or flouted the regulations.
The General Data Protection Regulations (GDPR) 2016 replaces the Data Protection Act with effect from May 2018, expanding responsibilities as well as significantly increasing the potential scope of fines for breaches.
The GDPR adds to the burdens and responsibilities under the Data Protection Act, making it essential that businesses consider what personal information they hold and ensure that they are using this data in a way which is compliant. Businesses should ensure that they have thought through their use of personal data, keep it secure, and know what they would do if they experienced a breach.
If your business provides goods or services that involve personal data being obtained or transferred, your customers (whether individuals or other businesses) will expect this personal data to be used in a compliant way. Both consumer and business-to-business contracts should contain provisions addressing data protection to cover this.
Our commercial and digital teams have experience advising and training organisations around their data protection obligations and the impact these have on businesses’ ways of working and can help you understand what is required to comply.
Speak to one of the Digital team members today on 01423 509000 or email firstname.lastname@example.org