How prepared are you for GDPR? Do you know how it will affect your business and what you need to do about it?
At Copeland we’re working hard to get to grips with this new legislation and how it will affect our contact with our precious clients and candidates and I wanted to share with you some of our early findings which we hope might be useful to you:
What is GDPR?
A new European legislation coming into play in May 2018 regarding how businesses communicate with their customers (GDPR – General Data Protection Regulation). Don’t be fooled into thinking that Brexit means the GDPR will no longer apply to the UK – it will.
Who does GDPR apply to?
‘Controllers’ and ‘processors’ of personal data i.e. any business or organisation that holds personal data eg for customers, employees, prospects, etc. If you are currently subject to the Data Protection Act (1998), it is likely that you will also be subject to the GDPR.
As recruitment consultants this means all our candidates, our customers & our employees.
What are the key changes that GDPR will make?
Lawful Processing: For processing to be lawful under the GDPR, you need to identify a legal basis before you can process personal data. It is important that you determine your legal basis for processing personal data and document this.
Consent: Consent under the GDPR requires some form of clear affirmative action. Silence, pre-ticked boxes or inactivity does not constitute consent. Consent must be verifiable. This means that some form of record must be kept of how and when consent was given. Individuals have a right to withdraw consent at any time.
What should you be doing about GDPR?
Think about your business and who it will affect – are you a ‘controller’ or ‘processor’ of personal data? If so you need to start planning and preparing for GDPR now – the sooner you start the better.
What are Copeland doing about GDPR?
Where can you get more information?
A good place to start is the ICO website where there is lots of useful information: https://ico.org.uk/for-organisations/data-protection-reform/
The information provided and the opinions expressed in this document represent the views of Copeland Select Ltd. They do not constitute legal advice and cannot be construed as offering comprehensive guidance to GDPR, the Data Protection Act 1998 or other statutory measures referred to in the document.