In just over a year’s time, on the 25th May 2018, the new EU
General Data Protection Regulation (the “GDPR”) comes into force. The GDPR
expands quite significantly on the current data protection regime in the
UK, established by the Data Protection Act 1998, and has been designed both
to harmonise data protection through Europe, and to modernise it, taking
into account scientific and technological advances that have taken place in
Given the EU angle, it is important to note that the GDPR will
apply despite Brexit and that the Government has confirmed that the UK’s
departure from the EU will not affect its applicability in the UK.
If your business handles personal data, you will need to comply with the
GDPR. The GDPR defines “personal data” as follows: any information relating
to an identified or identifiable natural person (a data subject); an
identifiable natural person is one who can be identified, directly or
indirectly, in particular by reference to an identifier such as a name, an
identification number, location data, an online identifier, or to one or
more factors specific to the physical, physiological, genetic, mental,
economic, cultural, or social identity of that natural person. In short, if
you currently have to comply with the Data Protection Act, you will have to
comply with the GDPR.
New Data Protection Policy
A year may seem like a long time, but there’s no time like the present to
start preparing for the GDPR, particularly given that it is a stricter
regime than the current one and the penalties for failure to comply are
considerably harsher. To assist in your preparations, therefore,
Simply-Docs has prepared an all-new Data Protection Policy template.
We have designed this template as something of a ‘living document’, meaning
that as more guidance and best practice becomes established over the coming
year, our intention is to update and amend the policy accordingly.
Moreover, further new data protection documents will be released over the
coming months including, subject to feasibility, a further new “short form”
Data Protection Policy.
Given its stated purpose, to assist in preparing for the GDPR, our new
policy is high in detail, reproducing a number of key provisions from the
GDPR itself, providing an important source of information. The policy sets
out the rights of data subjects and the obligations of a business as a data
controller under the GDPR in detail, laying down a number of organisational
and procedural measures to help ensure compliance.
Start Preparing Today!
If your business is already taking data protection seriously, despite a lot
of the scare stories that are showing up online, the GDPR shouldn’t be
anything to be afraid of, and if you get started preparing now, you should
have plenty of time to determine what changes, if any, you will need to
implement and to implement them.
Starting with our new Data Protection Policy, we will be providing more
information, guidance, and templates as the year progresses, helping to
ensure that you will be informed and ready on time. Stay tuned!
The contents of this Newsletter are for reference purposes only and do not constitute
legal advice. Independent legal advice should be sought in relation to any specific