On 25 May 2018 most processing of personal data will have to comply with the General Data Protection Regulation. To help, the Information Commissioner’s Office has provided some online guidance for SMEs, which can be found at: https://ico.org.uk/for-organisations/business/.
This help includes:
- A GDPR guide
- A self-help checklist
- SME FAQs
- A helpline for SMEs
Regardless of whether you have hundreds of employees or a handful, the GDPR applies. For those employers who need a little help or do not know where to start, we can provide you with a GDPR-compliant privacy standard/data protection policy which sets out the legal requirements which an organisation must meet when obtaining, handling, processing, transporting and storing personal data. This policy includes the following topics:
The GDPR requires data controllers to ensure that personal data is accurate, up-to-date and erased or corrected without delay when inaccurate. When a data subject reasonably requests personal data, the data controller must provide a copy free of charge. A reasonable fee may only be charged for additional copies or if the requests are unfounded or excessive.
The GDPR is complex and with 25th May approaching we are finding that many organisations are leaving things a little late. It is important to take expert advice as soon as possible.