Get up to Speed on the GDPR

Wednesday 15 February 2017

New EU data protection laws will apply from 25 May 2018 which will have a dramatic impact on your business and the way you hold customer information.

The new GDPR regulation builds on existing UK data protection legislation. It is designed to strengthen data protection for individuals within the European Union and to give those people the ‘right to be forgotten’.

In May 2018, the General Data Protection Regulation (GDPR) will become law, but it will take some months to get UK businesses ready for it. Most business owners in the UK are unaware of this new regulation, do not understand it, or are unaware of the consequences of non-compliance. None of that will be an excuse if you suffer a loss of data.

What you need to know

If your business loses data, has been negligent, or suffers a service attack or a malicious external or internal hack that puts people’s rights at risk, it must notify a data protection authority (the Information Commissioner’s Office) and the people affected within 72 hours of becoming aware of it. Should this 72-hour deadline not be met, your business could be fined up to €10m or 2 per cent of global annual turnover, whichever is greater. A second, higher tier of sanction applies to the breaches deemed most serious: fines of up to €20m or 4 per cent of global annual turnover, whichever is greater.

Despite Brexit, any business that holds any piece of information about an EU citizen, or does business in the EU, will be affected by GDPR. It is an enforceable regulation that applies to every UK business regardless of size or market.

Whilst we can assume that outsourced services such as hosting companies and third-party software providers will be doing all they can to comply, it is important to undertake due diligence to confirm that they are.

So what do you need to do?

Make sure you are aware of the risks to your organisation and that your legal requirements are understood. You will need to identify where your data is stored (hosted servers, cloud solutions, paper records) and what type of data is being held.

You are advised to plan for data breaches by having a clear, actionable process that identifies who or what is accountable. You may need to show that you have adequate cyber security in place and that compliance is monitored.

Review your policies, procedures and mechanisms for gathering, using, sharing and protecting personal data. By beginning to implement data protection policies and solutions now, your company will be in a much better position to achieve GDPR compliance when it takes effect.

This is the biggest change to data protection in almost 20 years, since the introduction of the UK Data Protection Act. Whilst May 2018 may seem a long way off, it is not when you consider the amount of preparation to be done.

The sooner you look at and address the issue, the better your chance of avoiding these severe risks to your organisation.