Many SME companies will be affected by the EU General Data Protection Regulation (GDPR) which comes into force on 25th May 2018. Under the GDPR the senior management of a business has a duty to know about the content and operation of that business’s compliance regime, and to oversee its implementation and effectiveness appropriately. For most SME companies, the senior management concerned will be their board of directors. Directors will also need to satisfy themselves that in protecting personal data they are meeting their requirements to promote the success of the company, in accordance with section 172 of the Companies Act 2006.
Therefore, to add to our GDPR offering, this month we have included a corporate memo that can be given to the directors of a private company outlining the issues that they will need to consider to ensure both immediate and on-going GDPR compliance.
This memo includes a discussion of:
- the GDPR;
- penalties for breach;
- the significance of personal data to SME companies;
- the duties of a company board in relation to the GDPR;
- the role of the data protection officer (DPO);
- the organisational culture of GDPR compliance that directors should lead; and
- the resources and training that should be directed towards GDPR compliance.
We have also added a set of board minutes that boards can use to record their proceedings at a board meeting convened to consider and approve their GDPR compliance. These board minutes give boards a straightforward way to document that they understand the requirements of the GDPR, have considered the changes required to comply with the new data protection regime and have put in place relevant policies and procedures.
The contents of this Newsletter are for reference purposes only and do not constitute legal advice. Independent legal advice should be sought in relation to any specific legal matter.