The General Data Protection Regulation (GDPR) comes into effect in the UK from 25th May 2018. Whilst this is EU legislation, the government has confirmed that the decision to leave the EU will not affect the commencement of the GDPR in the UK.
The UK Information Commissioner’s Office (ICO) describes GDPR as operating on similar principles to the Data Protection Act, but with an added layer of detail and an additional concept of accountability. It will also require that you document and demonstrate how you comply with the principles.
The GDPR applies to ‘personal data’, i.e. information about, and data that can identify, individuals.
The GDPR applies to data controllers (who determine how and why personal data is processed) and processors (who process the data on behalf of controllers).
So what are the key issues you are likely to face?
If you are processing personal data, you need to have a legal basis for doing so and must be able to document it. Relying on someone’s consent? Well, you may find that they have greater rights in future – particularly to have their data deleted.
People need to take affirmative action to give consent to their data being used. If they are silent or you have pre-ticked boxes for them, that won’t count. You need to record when and how the consent was given. What’s more, it can be withdrawn at any time.
The GDPR enhances the protection of children’s personal data. For services offered directly to a child, the privacy notices must be written in a clear way so that a child will understand. If you offer an online service to children, you may need to obtain consent to process the child’s data from a parent or guardian.
The GDPR gives a number of protections to individuals that your organisation must observe:
The right to be informed – you need to provide ‘fair processing information’, which will usually involve a privacy notice. It’s important to be transparent over how you use data.
The right of access – individuals will have similar rights to those under the Data Protection Act. They can ask you to confirm you hold data and request access to that data.
The right to rectification – if information you hold is incorrect or incomplete, an individual has the right to demand that you correct it.
The right to erasure – also known as ‘the right to be forgotten’. Someone is entitled to request that you delete or remove personal data if there is no compelling reason for your continuing to process it.
The right to restrict processing – if an individual asks for the processing of their data to be blocked, you must respect their request. You are only allowed to store the data and retain enough information to ensure their wish is respected.
The right to data portability – this allows people to obtain and then reuse their data – transferring it from one IT environment to another.
The right to object – an individual can object to profiling conducted in the public interest or for direct marketing purposes. They can also object to the use of data for scientific or historical research and statistics.
The GDPR will place a higher emphasis on accountability than the Data Protection Act. The aim of this is to minimise the risk of a data breach and to protect personal data. You will be required to demonstrate that you comply with the regulations. This may include implementing appropriate internal policies, maintaining documentation on processing activities and appointing a data protection officer.
The detail of the regulations is understandably complex, so if you process personal data there are a number of areas that your organisation will need to consider. Your trade or professional association will be working with the Information Commissioner’s Office (ICO) to prepare guidance for your sector. Speak to your professional advisers, who will also be able to assist.
Keep visiting our site for more blogs on this topic over the coming months.