Are You Ready?…. GDPR (General Data Protection Regulation)

The GDPR (General Data Protection Regulation) will take effect in every EU member state on 25th May 2018 and will affect every organisation that collects or handles data relating to EU residents.

Failure to meet the requirements could turn out to be expensive – up to 4% of annual global turnover or €20 million, whichever is greater. The data controller is responsible for demonstrating that the organisation applies to the six principles outlined in Article 5 of the GDPR:

Personal data must be:

1. be processed lawfully, fairly and transparently.
2. be adequate, relevant and limited to what is necessary for processing.
3. accurate and kept up to date.
4. kept in a form such that the data subject can be identified only as long as is necessary for processing.
5. processed in a manner that ensures its security.

and can only:

6. be collected for specified, explicit and legitimate purposes.

These six principles are at the heart of the Regulation, but it’s important to consider other areas, including: consent and documentation of consent, lawful processing, controller/processor contracts, the data protection officer (DPO), accountability and the board, and how to respond to data breaches.

There has to be a legitimate reason for collecting data. This should be made clear in the organisation’s GDPR Policy.

If you consider that a breach has taken place then you need to report it to the ICO within 72 hours. This may result in a fine/ civil and/or criminal action.

At Nayyars all of our data is collected and used in a compliant manner. We take Privacy very seriously and will only use your personal information to update you on your file and also to provide you with news about our legal services.  We will NOT share your personal information with any third party companies.

A full copy of our Privacy Policy is available from our Website or by contacting us on 0161 491 8520.
Sue Chauhan

New Claims Team