Blog updated April 2018.
Kirsty Davey gives her top tips to get your business ready for the new General Data Protection Regulation (GDPR), coming into force on 25th May 2018.
A good starting point is reviewing how you currently hold and manage data. This could be personal information on customers, clients or other contacts. Do you understand how this data is held, who can access it and whether or not it is shared with other companies? Understanding how you currently manage data will be vital to ensuring you make the necessary changes to comply with the new regulation. Build in regular reviews and delete old and unnecessary data.
Under the GDPR, people will generally need to ‘opt in’ rather than ‘opt out’ of receiving information from you or third parties. At the moment, for example, some businesses invite customers to tick a box (opt out) if they do not want to receive further information and some online forms include pre-ticked boxes, which need to be unticked. This will no longer be possible when the new regulation comes into force. Now is a good time to start looking at how people currently sign up to receive information from your business and incorporate a positive ‘opt in’ procedure.
The new regulation sets out stricter terms for how a business needs to respond when sensitive or confidential data is accessed by an unauthorised person – accidentally or otherwise. Under the GDPR, businesses must report any data breaches to the Government body responsible for data protection (the ICO) as well as to the individual affected. It will be far easier to manage any breaches if systems are in place to identify when these occur.
A key element of the new regulation is that individuals should have the right to access their own data, for free and within a shorter timescale than is currently permitted. It will also allow people to exercise more rights around their data, including an expansion on the right of an individual to be forgotten. Businesses should therefore review how they currently manage any data access requests and consider how they can handle them more quickly and efficiently in the future.
The success of any business in meeting the new requirements will be dependent on people across the business understanding the changes. Your business may be under a requirement to appoint a data protection officer and so it is best to look at this sooner rather than later. Although the exact form of the national law is not yet known, it would be wise to start raising awareness as soon as possible. Consider who the key people are – particularly at a senior level – who will need to have an understanding of the GDPR and work out what information they need. You can then put a training and communications plan in place.
For any help or advice around the new GDPR, please contact Kirsty Davey in the Corporate and Commercial team at Coodes Solicitors on 01326 214034 or kirsty.davey@coodes.co.uk. You can also download our GDPR pdf for businesses.
Head of Corporate & Commercial