The General Data Protection Regulations (GDPR) came into force on 25 May 2018 and they place substantial obligations on any person or organisation managing or handling data.
Data is any information relating to an identifiable person who can be directly or indirectly identified. This definition provides for a wide range of personal identifiers that constitute personal data, including; name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
GDPR refers to sensitive personal data as “special categories of personal data”. The special categories specifically include racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences
GDPR sets out 7 core principles that must be complied with when holding, handling and processing data:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality
In the event of a breach of GDPR, an organisation can face sanctions from the Information Commissioners Office including warnings, bans on data processing and fines – which could be up to 4% of annual turnover or £20million, whichever is greater.
As such it is vitally important for a business to properly understand its obligations under GDPR and when these can arise in the day to day running of their business. Once you understand your obligations it is essential to ensure your paperwork and processes are running smoothly to comply with GDPR including obtaining specific consent for processing data, data processing agreements, privacy notices, appointing Data Processing Officers, handling data breaches and data subject access requests.
Our employment team can help you manage the handling of personal data in your business by reviewing your processes, advising if data is breached and how to manage your employees who handle personal data.
2 steps to contacting Howells
We’ll listen carefully to you, clarify what you’re trying to achieve, and then explain if and how we can help you. We will take some initial information and liaise with a legal professional regarding your case. If it looks like we can help, we will book you in for a consultation with a legal professional.
Our Employment team, is renowned for its no-nonsense, energetic and pragmatic approach. Its success isn’t just down to its extensive knowledge of the law, it’s also the way we pride ourselves on putting our client first, getting to know you and understanding what you want to achieve. To get the best results for you and achieve commercially sensible outcomes it is essential that we understand your business.