Nigel Miller is a partner with City law firm Fox Williams LLP and will be speaking again at the GDPR Conference Europe on 20th June. Mr Miller will discuss how our individual rights are changing and what businesses must to to ensure they are GDPR compliant.
Here are some of his top tips to become GDPR ready:
Information You Hold
Typically, the data which SME’s hold includes employee, supplier, prospect and customer records. The GDPR will apply where this data is held on computer or in an organized hard copy file.
You should document what data you hold, where it came from, how you use it and with whom you share it. Doing this will also help you to comply with the GDPR’s “accountability” principle; this requires businesses to be able to show how they comply with the data protection principles, for example by keeping records of their data handling and having effective policies and procedures in place.
You should review your current privacy policies and plan to make any necessary changes in time for the GDPR.
The GDPR requires this information to be provided in concise, easy to understand and clear language.
You should review how you are seeking, obtaining and recording consent and whether you need to make any changes.
Consent has to be a positive “opt-in” indication of agreement to personal data being processed; it cannot be inferred from silence, pre-ticked boxes or inactivity. If you rely on individuals’ consent to process their data, you must make sure it will meet the new higher standards required by the GDPR.
If you collect information about children (in the UK this will probably be defined as anyone under 13) then you will need a parent or guardian’s consent.
On the whole, the rights individuals will enjoy under the GDPR are the same as those under the current law but with some significant differences. In particular, there are potentially significant new rights, including a “right to be forgotten” and a right to data portability. The new rights are somewhat complex and there may be practical problems in exercising and enforcing them. As a result, they may not deliver the benefits that consumers expect.
To hear more from Nigel Miller and other GDPR experts attend the next GDPR Conference Europe on June 20th.
Originally published on GDPR.Report