With Christmas fast approaching, followed quickly by New Year it’s time to do some planning!
Presents to buy, who, when, where on Christmas Day, Boxing Day and New Year? Food to order, collect, prepare and cook, silver, red or gold tableware? Real Christmas tree vs the trusty false one that’s never been bald by Christmas Eve – fairy or star? Decisions, decisions, so much to do, so little time! And so starts the countdown…
…not only the countdown to Christmas but also to the GDPR. For those not familiar with the GDPR it stands for the General Data Protection Regulation and will come into force in the UK on May 25th 2018. The aim of the regulation is to give individuals power over their personal data and unify data protection legislation within the European Union. With this being an EU regulation, post Brexit there were thoughts that it would not apply to the UK. Given Article 50 has not yet been invoked, the earliest the UK will leave the EU is the end of January 2019. Therefore the GDPR will apply directly in the UK for some time, and the GDPR or similar will be made UK law following the UK exiting the EU. At the very least companies operating across Europe will have to comply with the regulations post leaving the EU.
So what planning do companies need to do ahead of 25th May 2018? The ICO has a good overview of the GDPR on their website. Together with this they have also set out the 12 steps (1) that Companies who control or process data will need to make in preparation for the big day – exactly 17 months after Christmas Day 2016.
The 12 steps range from ensuring senior decision makers at companies are aware of the changes that will be implemented by GDPR, to the obtaining and recording of consent to be contacted. Data breach and Data Protection Impact Assessments are also covered. Interestingly if the recent data breach by Tesco bank had occurred when the GDPR was in force they could have been facing a fine or nearly £2 billion. Scary thought.
The clock is ticking….Christmas and the GDPR are getting closer. Act now, for those of you who process or control personal data, review the ICO’s 12 steps to take in preparation for that big day, the GDPR!
Good luck with your plans for Christmas and the GDPR, I hope they run smoothly…which reminds me the last posting date for Christmas is 21st December!
Merry Christmas & I wish you a Prosperous New Year.