Are Watford employers prepared for the new data protection regulations?

All businesses handling personal data relating to individuals will be subject to new data protection laws from May 2018. The General Data Protection Regulations (GDPR) will apply to any company processing the personal data of individuals in the EU in relation to offering goods or services, or to monitoring their behaviour. The recruitment sector will be particularly affected.

The GDPR requires personal data held by organisations is processed fairly, is lawfully obtained and used for specified, lawful purposes. It also requires that businesses take practical steps to protect themselves against breaches, ie the unlawful disclosure of personal data.

In addition to adverse publicity and reputational damage, Organisations that breach the GDPR could face fines of up to four per cent of their annual worldwide turnover or €20m, whichever is greater. This is considerably more than the current regime.

What can employers do to prepare now?

Make sure you understand the reasons for holding personal data; review and update your existing data protection policies, procedures and privacy notices; ensure you understand the need for consent; and consider the adequacy of your security system. Some of the most challenging areas will be obtaining consent to use personal data, which no longer can be inferred from silence, pre-ticked boxes or inactivity on the part of the individual whose data is held.

The new regime will require an obligation to report breaches where harm could occur to an individual within 72 hours.

Businesses should be look at staff training, encryption of data, as well as dealing with the consequences of any breaches. Consideration should also be given to appointing a responsible person to ensure the obligations of the GDPR are met.