10 thing you NEED to know about GDPR
1) What is GDPR?
GDPR stands for General Data Protection Regulation and will come into force on the 25th of May 2018. GDPR is a European privacy regulation replacing all existing Data Protection legislation. The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world. The current data protection legislation dates back to 1998 – a time when internet usage and cloud technology was vastly different.
2) Who does GDPR apply to?
The GDPR applies to all businesses including sole traders, located in the EU that process personal data. It also applies to non EU organisations if they offer goods or services to, or monitor the behaviour of, EU citizens. It applies to all organisations processing and holding the personal data of EU citizens, irrespective of the organisations location.
3) What is personal data?
Personal data is defined as “any information related on a natural person or ‘Data Subject’ that can be used to directly or indirectly identify a person.” Personal data can be a:
• A name
• A photo
• An email address
• Bank details
• Posts on social networking websites
• Medical information
• CCTV images
• Records of websites visited
• A computer IP address
4) What are the 6 principles of GDPR?
Personal data should be:
• Processed lawfully, fairly and in a transparent manner
• Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
• Adequate, relevant and limited to what is necessary
• Accurate and kept up-to-date
• Kept for no longer than necessary
• Processed in a confidential and secure manner
5) Where is a good place to start preparing?
A good starting point for preparing for GDPR is to create an inventory of all personal data held and answer the following questions:
• Why are you holding the data?
• What is the legal basis for holding the data?
• How is the data obtained?
• Why the data was originally gathered?
• How long is the data held for?
• How is the data saved? Is it saved securely?
• Is the data shared with anyone else and with whom?
As the GDPR requires organisations to be in a position to demonstrate compliance with its requirements, documenting the above will enable employers to:
• Identify and gaps in compliance
• Put in place processes to rectify gaps
• Produce evidence of its compliance on the new GDPR
In preparation for GDPR you must be aware of your data protection responsibilities and ensure that all employees are aware of their responsibilities when processing data. Ensure that you have an up to date data protection/privacy policies addressing the six principles of GDPR and apply it to your organisation.
For more information see: “12 steps to take for GDPR”
6) How do I report a breach?
A breach is defined as a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of or access to personal data. Breaches must be reported to the ICO within 72 hours, but only if the breach is likely to result in a high risk to the rights and freedoms of individuals for e.g. result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. Breaches likely to result in a high risk to the rights and freedoms of individuals must also be reported to the individuals concerned.
7) What are the consequences of a GDPR breach?
Organisations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements. There is a tiered approach to fines e.g. a company can be fined 2% of annual global turnover or €10 Million (whichever is greater) in some situations for lesser breaches.
8) Do I need a Data Protection Officer (DPO)?
The main role of the DPO will be to monitor internal compliance and it is mandatory to appoint a DPO for:
• Public Bodies
• Organisations engaged in large scale regular/systematic monitoring
• Organisations whose core activities consist of processing “special categories” of data or data relating to criminal convictions
• May be mandatory in other contexts as defined by Member State Law
9) What is Bright Contracts doing to ensure compliance with GDPR?
Data Protection has always been a priority for Bright Contracts and we’ve always aimed to act with complete integrity in this regard. We are committed to being GDPR compliant and are putting a number of security measures in place including:
• We are reviewing our privacy policy and making necessary changes where needed to ensure we are communicating accurately with our customers.
• In terms of the Bright Contracts content, we will be amending the appropriate data protection clauses in the contract and handbook. These will be completed well in advance of 25th May 2018.
10) How secure is my data in Bright Contracts?
Your Bright Contracts data files are encrypted so if someone gets a copy of your data they cannot read it. Whilst we have security measures in place to protect your data, it remains your responsibility to keep your sign in details secret and to sign out of Bright Contracts when you are not using it and to ensure there is no unauthorised access to your computer.
For further information register now for our GDPR webinars here
And read our GDPR blogs here
To book a free online demo of Bright Contracts click here
To download your free trial of Bright Contracts click here
The countdown to the GDPR is on!
With less than 5 month to go before the new General Data Protection Regulation (GDPR) comes into force employers are urged to start preparing immediately if they haven’t already done so.
What is it?
The GDPR is a European privacy regulation replacing all existing data protection regulations and will come into play on 25 May 2018. The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world.
The GDPR applies to all businesses including sole traders that process personal data (a name, photo, email address, bank details etc.) so it is safe to say that it will affect all businesses in some way. Employers are advised to be prepared otherwise they will face fines of up to €20M or 4% of annual global revenue, whichever is greater, for non-compliance. So how can you start preparing to ensure your business is fully compliant?
Preparation
A good starting point for preparing for GDPR is to create an inventory of all personal data held and answer the following questions:
• Why are you holding the data?
• What is the legal basis for holding the data?
• How is the data obtained?
• Why the data was originally gathered?
• How long is the data held for?
• How is the data saved? Is it saved securely?
• Is the data shared with anyone else and with whom?
As the GDPR requires organisations to be in a position to demonstrate compliance with its requirements, documenting the above will enable employers to:
• Identify and gaps in compliance
• Put in place processes to rectify gaps
• Produce evidence of its compliance on the new GDPR
In preparation for GDPR you must be aware of your data protection responsibilities and ensure that all employees are aware of their responsibilities when processing data. Ensure that you have an up to date data protection/privacy policies addressing the six principles of GDPR and apply it to your organisation.
For further information register now for our GDPR webinars here
And read our GDPR blog here
To book a free online demo of Bright Contracts click here
To download your free trial of Bright Contracts click here
What lies ahead for employers in 2018?
2018 looks set to be another busy year. We take a look at some of what’s coming down the pipeline.
April 2018 - Gender Pay Reporting
Private and voluntary sector employers in England, Wales and Scotland with at least 250 employees will be required to publish information about the differences in pay between men and women in their workforce, based on a pay bill ‘snapshot’ date of 5 April 2017, under the Equality Act 2010 (Gender Pay Gap Information) Regulations 2017. The first reports must be published by 4 April 2018.
Legislation in Northern Ireland mirror the above, except they also include fines of up to £5,000 for non-compliance, and a requirement to report on ethnicity and disability pay gaps, as well as gender.
April 2018: Termination Payments
The government plans to make changes to the taxation of termination payments from April 2018. The proposals include:
• removing the distinction between contractual and non-contractual PILONs (payments in lieu of notice) so that all PILONs are taxable and subject to Class 1 NICs]
• ensuring that the first £30,000 of a termination payment remains exempt from income tax and that any payment paid to any employee that relates solely to the termination of the employment continues to have an unlimited employee NICs exemption
• aligning the rules for income tax and employer NICs so that employer NICs will be payable on payments above £30,000 (which are currently only subject to income tax)
A government consultation on the issue closed in October 2016.
April 2018 – Restricting Employment Allowance for Illegal Workers
The government plans to introduce a further deterrent to the employment of illegal workers. From April 2018, employers will not be able to claim the Employment Allowance for one year if they have:
• hired an illegal worker
• been penalised by the Home Office
• exhausted all appeal rights against that penalty.
A consultation containing draft regulations closed in January 2017.
25 May 2018 – General Data Protection Regulations
The much anticipated General Data Protection Regulation will come into force from 25th May 2018. For those who haven’t already started preparing, now is the time. The GDPR will apply to ALL companies and sole traders that process personal data, the definition of personal data is broad and can include anything from a name, an email address or an IP address.
With possible fines of €20 million or 4% of annual turnover – which ever is higher, businesses need to sit up and take heed.
For further information of GDPR sign up to our employers webinar here or read our blog here.
To book a free online demo of Bright Contracts click here
To download your free trial of Bright Contracts click here
To subscribe to our newsletter click here
