Ready, relaxed and realistic


1st June 2018

Focus On Northampton


GDPR, the new law which transforms the use of personal data, will affect the way each of us does business.
There are those businesses who have already taken all the necessary steps to comply but there are others who still need to take responsibility. Failure to comply with GDPR can result in a fine of up to €20,000,000 or four per cent of your global turnover, whichever is higher. There are also various criminal offences. Remember, the Information Commissioner's Office (ICO) is likely to be harder on those companies who have done nothing.
Liz Appleyard, Partner and commercial contracts specialist at Tollers, said: "People lead such busy lives but businesses must look at how they use personal data and take the necessary steps.
"GDPR compliance affects everything from the visitors' book to the sharing of CVs. There are so many 'what if' questions that it is important that people across the business understand why they must follow these new regulations."

Talk to Tollers
Businesses may still need to act but the advice from Tollers is not to panic.
Rebecca List, Partner and Head of Employment said: "GDPR does have wide-ranging implications but our approach is to spend the energy sorting out any issues rather than panicking or simply ignoring the requirements.
"If you haven't updated your handbooks or reviewed your contracts, it is important to take the time to avoid a penalty. At Tollers we're here for you, so why not let us review your handbook and contracts and help bring them into line so that they're GDPR compliant? We can also review your commercial or third-party contracts and terms of business, so Talk to Tollers.
"We are happy to come out and see you to discuss your GDPR needs and see how you're getting on with GDPR compliance."
If you'd like us to visit then please contact us on 01604 258558. We're here for you.

1. Make sure you have the resources to get ready. Getting compliant can cost time and money.
2. Carry out a data audit. What personal data do you hold and where and what do you do with it?
3. Ask yourself why you're holding that data and do you actually use it?
4. Ask yourself if you have a legal basis for processing personal data?
5. Update your policies and review your employment contracts.
6. Review and update your internal processes. You'll need to know how to restrict someone's data if they ask or be able to detect security breaches;
7. Review and update any commercial contracts or contracts with third parties;
8. Appoint a person responsible for data protection compliance within your organisation;
9. Train those who will be responsible for data protection compliance; and
10. Keep it under review! It's important to stay compliant.

The European General Data Protection Regulation, GDPR, has two key principles:
1: The aim is to give citizens and residents more control of their personal data.
2: It simplifies regulations for international businesses with a unifying regulation that stands across the European Union.