You may be aware of the new GDPR (General Data Protection Regulations) that will come into force on 25th May this year, with fines for non-compliance being as high as €20,000,000 or 4% of the annual global turnover, whichever is the greater. Whilst not every aspect of these regulations is known as yet, it is safe to say your business will need to assess the way data is currently handled and potentially make changes to ensure you are compliant as of 25th May 2018.

To get started on GDPR and ensure you are compliant, you will need to work through the following steps:

Step One
Work through the Information Commissioner's Office (ICO) 12 step guide of things you need to undertake now. The ICO are responsible for enforcing GDPR in the UK, so this is a great place to start.

Step Two
Consider whether you process data as a "Data Controller" or "Data Processor". A definition of each can be found here.

Step Three
Once you have decided which category or categories you fall into, there are various assessments on the ICO website to help you understand and assess your compliance within the new regulations. These include the requirements for data processors, the rights of individuals, data breaches and designating a data protection officer:

Click here to complete a Data Controller assessment
Click here to complete a Data Processor assessment

The ICO have also created a Frequently Asked Questions Guide written specifically for small businesses with fewer than 250 staff. This can be found here.