A simple guide to the changing GDPR rules


This week the GDPR laws in the UK are changing. What’s changing? Is it bad, or is it good? Here is a guide so that you don't have to worry.

Let’s start with the basics… what is GDPR?

GDPR, or General Data Protection Laws were first adopted in 1995. With the rapid growth of technology and the internet, individuals sought protection with their information and personal data. This regulation gave consumers confidence to the movement of their data. Until this Friday, the countries within the EU will have operated under this regulation for the last 23 years, so a new law was expected. The UK currently (until this Friday) follow the rules set out by the Data Protection Act 1998.

This change is important for both the public and businesses, so best to read on and find out what’s happening Friday.

What is changing with GDPR this Friday?

In 2017, the government decided that change was for the best in terms of data protection. On 17th September 2017, a new data protection bill was published involving new data protection regulations. This new data protection bill has been discussed and processed through the government body, and will come into new force this Friday.

So, what’s going to change?

They can only have possession of peoples personal data if consent is given.

They will hold responsibilities and be accountable for the personal data they collect from individuals. Consequently, this will involve plans in order to ensure the privacy of people’s data. Businesses with over 250 employees will have to publish documentations stating how personal information is shared. This new act means that data protection is now a far more important issue and has to be taken more seriously.

However, a common misconception with this law suggests that businesses with under 250 employees do not have to worry. This law affects ANY organisation that collects any data for individuals. Small businesses should focus on a simple procedure into how they collect and look after people’s information. It is advised they understand how they collect data, how they protect it and how they provide customers with the information that describes exactly how they plan to do this.

If your business already has existing relationships with your customers, for example, if you send them emails for marketing purposes, you can continue to do this. However, it is advised to send an email describing GDPR and how it may potentially affect them and your relationship.

In response to a consumer requesting personal data, the business will have to respond within one month under the new act. Businesses are no longer allowed to charge customers for doing this.

A significant change of this law is that businesses will be fined if the law is breached. If personal data is shared in a way that does not comply with new regulations, businesses will face significant consequences involving large financial repercussions depending on the size of the matter.

The new law is to encourage businesses to clean the data they collect and share. For example, if they have bought emails from an organisations or sources they are unaware of, it is best to destruct it. Additionally, this law affects any method of sharing data, including post.

An important aspect to remember if you are a small business is that if you are taking away a device that stores personal data about your customers, there must be plans in place in order to cover yourself if you lose it. It is best to make sure your database has private access.

At Grow, we continue to protect your privacy. If you wish to read about how we do this click here.

To find out more visit the Information Commissioner’s Office website

If you wish to find out more from the Deputy Information Commissioner Steve Wood himself - visit this link - http://www.bbc.co.uk/news/av/43921814/gdpr-your-data-protection-questions-answered