Latest News

The GDPR countdown has begun

12 February 2018

The General Data Protection Regulation, coming into force in May, will mean fundamental changes in how businesses handle personal data - so if you don't already have a plan in place, now is the time to be thinking about one.

Scottish Government to consult on LBTT relief for first time buyers

12 February 2018

The Scottish Government have announced that they are to consult on a Land and Buildings Transaction Tax (LBTT) exemption for first time buyers on properties under £175,000.

Get up to Speed on the GDPR

Wednesday 15 February 2017

New EU data protection laws will apply from 25 May 2018 and will have a dramatic impact on your business and the way you hold sensitive customer information.

The new GDPR builds on existing UK data protection legislation and is designed to strengthen data protection for individuals within the European Union, and to give those individuals the ‘right to be forgotten’.

In May 2018, the General Data Protection Regulation (GDPR) will become law, but it will take some months to get UK businesses ready for it. Most business owners in the UK are unaware of this new regulation, don’t understand it, or are unaware of the consequences of non-compliance. None of that will be an excuse if you suffer a loss of data.

What you need to know

If your business loses data, has been negligent, or suffers a service attack or a malicious external or internal hack that puts people’s rights at risk, it must notify the data protection authority (the Information Commissioner’s Office) and the people affected within 72 hours of becoming aware of it. Should this 72-hour deadline not be met, your business could be fined up to €10m, or 2% of global annual turnover, whichever is greater. A second, higher tier of sanctions could lead to fines of up to €20m, or 4% of global annual turnover, whichever is greater, for the breaches deemed most serious.

Despite Brexit, businesses that hold any piece of information about any EU citizen, or that do business in the EU, will be affected by GDPR. It is an enforceable regulation that applies to every UK business, regardless of size or market.

Whilst we can assume that outsourced services such as hosting companies and third-party software providers will be doing all they can to comply, it is important to undertake your own due diligence to confirm that they are.

So what do you need to do?

Make sure you are aware of the risks to your organisation and that your legal requirements are understood. You will need to identify where your data is stored (hosted servers, cloud solutions, paper records) and be aware of what type of data is being held in each location.

It is advisable to plan for data breaches by having a clear, actionable process that identifies who or what is accountable at each step. You may also need to show that you have adequate cyber security in place and that compliance is monitored.

Review your policies, procedures and mechanisms for gathering, using, sharing and protecting personal data. By beginning to implement data protection policies and solutions now, your company will be in a much better position to achieve GDPR compliance when it takes effect.

This is the biggest change to data protection in almost 20 years, since the introduction of the UK Data Protection Act. Whilst May 2018 may seem a long way off, once you consider the amount of preparation to be done, it is not.

The sooner you examine and address the issue, the better your chance of avoiding the most severe risks to your organisation.