Author Archives: Cara Dale

The General Data Protection Regulation

New requirements for all businesses!

You’ll no doubt have been inundated with news about the changes that come into force on 25 May 2018 with respect to European data protection laws, but have you considered how these new laws will affect your UK business or you?

The current Data Protection Act (DPA) is being updated to reflect the General Data Protection Regulation (GDPR) obligations. It is a framework with greater scope, much tougher punishments, and judicial remedy for those who fail to comply with new rules around the storage and handling of physically and electronically stored personal data. The UK’s decision to leave the EU will not affect the commencement of the GDPR.

Why are these new laws being introduced?

Since the DPA was introduced in 1998, technology and the internet have developed at such a rapid rate that the DPA rules are now deemed ineffective. These days, the ease and sophistication of data collection means that thousands of SMEs not only collect personal details, but store, move and access them online. Personal data is used in everything from sales to customer relationship management to marketing. Cybercriminals are now much more common, and much more sophisticated. In 2016, companies in the UK lost more than £1 billion to cybercrime. Major data breaches have given criminals access to names, birthdates and addresses, and even social security and pension information.

A recent report from the Federation of Small Businesses (FSB) claims that SMEs are now more likely to be targeted by cybercriminals than their large corporate counterparts, as cybercriminals consider SMEs softer targets. The GDPR is therefore considered a necessity for the protection of data in a modern internet-based society.

It is also a chance to take a fresh look at your data security, as data breaches may impact on your business reputation.

What does the GDPR mean for you and your business?

As a business you must keep a detailed record of how and when an individual has freely given you consent to store and use their personal data. Consent means a positive agreement is given, not one inferred from a pre-ticked box. Individuals have the right to withdraw consent and to be forgotten, meaning their data is permanently erased.

In short, businesses should review their existing data and delete any that they do not have a valid reason for holding. The General Data Protection Regulation (GDPR) sets out the legal bases available for processing personal data, such as needing it to perform a business contract. Businesses should review what data they hold, whether they have consent for it, and whether they need to keep it.

Businesses should ensure that all data is kept securely, which will require a review of current practices to prevent data breaches, both electronically and physically. Personal data is a key tool for SMEs looking to target and retain customers: GDPR means it must be handled with the utmost care.

You should start planning for the GDPR now if you haven’t already, and consider an information audit as well as a potential change in culture. We have produced a guidance checklist of some of the key points of GDPR to assist you in becoming compliant; please see below. You must ensure you have the correct permissions and that data is stored as securely as possible. More detailed guidance can be obtained from the Information Commissioner’s Office.

GDPR Planning Checklist

The GDPR comes into force on 25 May 2018 and businesses are expected to put into place comprehensive but proportionate governance measures.

You can use our GDPR Checklist to help prepare for the GDPR by documenting existing procedures and looking for areas to strengthen.

If you complete the planning yourself, you will need to use your judgement to confirm you have proportionate governance measures; alternatively, you may choose to use an external consultant. Document the actions you are planning to take and note the changes.

Shared Parental Leave

1st December saw changes in parental leave legislation to enable working parents to share leave following the birth or adoption of their child. The changes apply to couples with babies due, or children matched or placed for adoption, after 05 April 2015.

The new rules allow parents, after an initial 2 weeks, to share up to 50 weeks’ leave and 37 weeks’ pay. It will mean a mother could choose to return to work more quickly, by handing her unused allowance over to the father.

As with other parental leave legislation, notice periods of not less than 8 weeks are built in so that employers are able to plan.

Employers should be aware that:

  • During the 52 weeks’ leave, parents could take up to three separate sets of leave;
  • Or, they could make up to 3 separate changes of the dates they wish to take leave;
  • Employers will not be able to refuse the taking of leave;
  • Employers could refuse requests for split periods of leave;
  • The mother could change her mind from taking shared leave to remaining on leave herself, if she gives notice of this within the first 6 weeks following the child’s birth;
  • In addition to a mother’s 10 KIT days, there are now 20 SPLIT (shared parental leave in touch) days available between mother and father.

Further details of Shared Parental Leave are available on the gov.uk website.