The Data Protection Act is changing

On 25th May 2018 the General Data Protection Regulation will come into force.

Regardless of Brexit, the UK Government will still be adapting this new piece of legislation and the final draft is expected in the Autumn (September 2017).

What we know so far

Businesses can now face fines up to €20,000,000 or 4% of their global turnover for failure to keep personal data secure.

In the event of a breach, businesses will have 72 hours to notify their governing body (such as the ICO) and they must also notify those individuals affected.

Individuals will have greater control over their data which means clear consent must be obtained. Furthermore, individuals will have additional rights to access their data and request the data held to be erased.

What to do next

You need to work out what data you hold, how it’s handled and how it’s kept secure.

The nature of your business will determine what you have to do next and we would recommend you seek further advice.

The Information Commissioner’s Office website is a good place to start.

How can T H March help?

We can provide you guidance from the Information Commissioner’s Office (ICO) to help your business obtain consent from prospects and clients while staying compliant with the GDPR. Use the following checklist and best practice guidance to examine your own consent processes.

Cover is available for assistance following a data breach by way of a Cyber Liability policy.

We can also offer a Directors’ and Officers’ policy to protect those individuals who are responsible for handling your company’s data.

Contact your T H March Account Executive or Handler to discuss this further.