With GDPR now in force through the enactment of the Data Protection Act 2018, the most notable thing is that the panicked phone calls have stopped! Does this mean that all of our clients are completely compliant? We doubt it – however, there is the inevitable feeling that, now GDPR has been enacted and nobody died, it's all blown over.

We have been emphasising that the ethos of the GDPR can be summed up in three words, RESPONSIBILITY, ACCOUNTABILITY, and DEMONSTRABILITY.

Responsibility

You are responsible for analysing what data you process and ensuring that you are compliant with the legislation. It is no longer enough to simply adopt a policy that someone else has drafted for you, or to rely on your service provider’s assurances as to the security of your data. You must take responsibility for your own data, and how it is processed and secured.

Accountability

You will be accountable for the actions of the individuals within your organisation who come into contact with personal data, and of any external suppliers and customers who have access to your personal data, and for ensuring their compliance with the legislation. Make sure that you educate your staff as to what they should be doing. An “inward” facing data protection notice should set out how your organisation expects its staff to handle personal data, and you should ensure that each member of your staff is appropriately trained in their data protection obligations.

Demonstrability

GDPR is all about making you think about what data you have and what you do with it. Even if you make the wrong decision about processing data in accordance with the legislation, the fact that you:

  • identified the fact that personal data was being processed;
  • made a judgement as to how this should be done in accordance with the legislation; and
  • can reasonably justify that judgement;

will take you a long way in defending any claim for breach of the GDPR.

If you need any help with ensuring that your organisation is GDPR compliant, please contact Jane Rudge on 0121 227 3885 (email jrudge@thursfields.co.uk) or James Monk on 0121 227 3366 (email jmonk@thursfields.co.uk).
