The new General Data Protection Regulations (GDPR) come into force on 25th May, replacing the current Data Protection Act. The focus is on ‘willing consent’ and ‘the right to be informed’, allowing individuals to control their personal data, deciding how it is used and shared.
As for your business, GDPR will affect the practicalities of direct marketing and customer service. You will need to take stock of what personal data you hold, where it came from and who you share it with. Take a look at your processes, and make any changes you need to comply with the new regulations. One example may be seeking consent from your customers to store their details for marketing purposes.
Getting a plan together could be crucial, even if it does mean extra work, as this may help you to avoid fines. The Information Commissioners Office has some great tools to help you do this in their ‘Getting ready for the GDPR resources‘.
GDPR also means changes for employees.
Employers will need to provide their staff with much more detail on the data they are holding on them. This will affect things like recruitment records, personnel files and time and attendance records and the most effective way to demonstrate compliance is through the provision of individual privacy notices.
We work with HR Partner Ltd who are specialists in employment law and deliver easy to understand advice and help for all your HR needs.
To get you started they have kindly provided us with their ‘GDPR Privacy Notice For Staff’, a time-saving template which can be amended for your business. Be sure to name us, K.A.Farr & Co, in the ‘who has your information’ section and ask each of your employees and job applicants to sign and return a copy for your records. This will provide you with proof of them consenting to you holding their data on file.
GDPR means change and re-evaluation, but if approached with knowledge and planning it need not be a worry.