New GDPR Data Protection Policy
In just over a year’s time, on the 25th May 2018, the new EU General Data Protection Regulation (the “GDPR”) comes into force. The GDPR expands quite significantly on the current data protection regime in the UK, established by the Data Protection Act 1998, and has been designed both to harmonise data protection through Europe, and to modernise it, taking into account scientific and technological advances that have taken place in recent years.
Given the EU angle, it is important to note that the GDPR will apply despite Brexit and that the Government has confirmed that the UK’s departure from the EU will not affect its applicability in the UK.
If your business handles personal data, you will need to comply with the GDPR. The GDPR defines “personal data” as follows: any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. In short, if you currently have to comply with the Data Protection Act, you will have to comply with the GDPR.
New Data Protection Policy
A year may seem like a long time, but there’s no time like the present to start preparing for the GDPR, particularly given that it is a stricter regime than the current one and the penalties for failure to comply are considerably harsher. To assist in your preparations, therefore, Simply-Docs has prepared an all-new Data Protection Policy template.
We have designed this template as something of a ‘living document’, meaning that as more guidance and best practice becomes established over the coming year, our intention is to update and amend the policy accordingly. Moreover, further new data protection documents will be released over the coming months including, subject to feasibility, a further new “short form” Data Protection Policy.
Given its stated purpose, to assist in preparing for the GDPR, our new policy is high in detail, reproducing a number of key provisions from the GDPR itself, providing an important source of information. The policy sets out the rights of data subjects and the obligations of a business as a data controller under the GDPR in detail, laying down a number of organisational and procedural measures to help ensure compliance.
Start Preparing Today!
If your business is already taking data protection seriously, despite a lot of the scare stories that are showing up online, the GDPR shouldn’t be anything to be afraid of, and if you get started preparing now, you should have plenty of time to determine what changes, if any, you will need to implement and to implement them.
Starting with our new Data Protection Policy, we will be providing more information, guidance, and templates as the year progresses, helping to ensure that you will be informed and ready on time. Stay tuned!
The contents of this Newsletter are for reference purposes only and do not constitute legal advice. Independent legal advice should be sought in relation to any specific legal matter.