On 25 May 2018 the new General Data Protection Regulation (GDPR) comes into force. This significantly affects how all businesses and organisations collect, use and protect any personal data, e.g. client records, staff records and mailing lists. A central requirement of the new law is for organisations and businesses to be fully transparent about how they are using and safeguarding personal data and to be able to demonstrate accountability for their data processing activities. There are potentially severe penalties for non-compliance, including fines of up to €20 million or 4% of an organisation’s turnover, whichever is greater. The responsibility to be aware of the regulation and comply lies with the individual organisation, which means acting now to ensure you have appropriate procedures in place. This may mean adapting your processes, which could have budgetary, personnel and IT implications.
Does GDPR apply to GWA?
Yes, it most certainly does. We have always had the confidentiality and security of our clients’ information at the forefront of our practices and this has not changed. However, the new regulations set the required standards at a very high level, and staying compliant with the new legislation will mean some changes for our organisation.
How will the changes in our processes affect our clients?
The most obvious changes that you will be aware of will be in the way we communicate with you, especially if you are used to communicating with us electronically. For example, you will no longer receive documents containing personal information by email. For a number of years we have been using the ‘GWA portal’ to facilitate electronic signatures for documents and we will increasingly use this as a secure document exchange facility. Other new technologies will also be introduced for different elements of our services to ensure that we comply at all times with the new laws.
We need to update the terms of our engagement to reflect how our responsibilities and your rights have changed as a result of this regulation. Hence in the coming weeks you can expect to receive a new letter of engagement which you will need to sign and return.
Historically we have sent you our quarterly newsletter as well as information about events we are holding that we think will be of interest to you. We may ask you to confirm that you still wish to receive these.
Ultimately the changes are for your benefit and give you additional legal peace of mind that we will continue to handle your personal information in a secure and appropriate manner.
Will GWA be taking care of GDPR compliance on behalf of its clients?
Unfortunately not. If you handle personal data of any sort then it is your own responsibility to educate yourself and comply with the new regulation. Whilst we have a close working relationship with our clients, we won’t know all of your processes and procedures or what personal data you hold. You MUST act now to implement the appropriate procedures.
What should I do now?
• Educate yourself. The infographic below provides a brief introduction to the steps you need to put in place. The UK Information Commissioner’s Office provides further guidance including a GDPR readiness checklist via their website.
• GWA are hosting a series of seminars in April to inform clients of their responsibilities. For further information, including dates and venues, phone us on 01289 306688 or visit the events page of our website.