With GDPR now in force through the enactment of the Data Protection Act 2018, the most notable thing is that the panicked phone calls have stopped! Does this mean that all of our clients are completely compliant? We doubt it – however there is the inevitable feeling that now GDPR has been enacted and nobody died, that its all blown over.

We have been emphasising that the ethos of the GDPR can be summed up in three words, RESPONSIBILITY, ACCOUNTABILITY, and DEMONSTRABILITY.

Responsibility

You are responsible for analysing what data you process and ensuring that you are compliant with the legislation. It is no longer enough to simply adopt a policy that someone else has drafted for you, or to rely on your service provider’s assurances as to the security of your data. You must take responsibility for your own data, and how it is processed and secured.

Accountability

You will be accountable for the actions of the individuals within your organisation who come into contact with personal data, and any external suppliers and customers who have access to your personal data, for ensuring their compliance with the legislation. Make sure that you educate your staff as to what they should be doing. An “inward” facing data protection notice should set out how your organisation expects its staff to handle personal data and you should ensure that each member of your staff is appropriately trained in their data protection obligations.

Demonstrability

GDPR is all about making you think about what data you have and what you do with it. Even if you make the wrong decision about processing data in accordance with the legislation, the fact that you:

  • identified the fact that personal data was being processed;
  • made a judgement as to how this should be done in accordance with the legislation; and
  • can reasonably justify that judgement;

will take you a long way in defending any claim for breach of the GDPR.

If you need any help with ensuring that your organisation is GDPR compliant, please contact Jane Rudge on 0121 227 3885 email jrudge@thursfields.co.uk or James Monk on 0121 227 3366 email jmonk@thursfields.co.uk

Latest News

13 Sep

Keystones of the GDPR for your Business
Read more

Share

73 Views

0 Comments

13 Sep

Thursfields named as finalist in national legal awards after training success
Read more

Share

67 Views

0 Comments

Upcoming Events

19 Sep

Thursfields Halesowen 5 year anniversary celebration
Read more

Share

239 Views

0 Comments

20 Sep

Worcester Thursty Thursday
Read more

Share

358 Views

0 Comments