How Will The GDPR Affect Your Business?
Should We Be Worried About Fines?
When someone tells you that the new regulations could result in a fine of up to 4% of your global turnover – yes, turnover, not profit (even if it’s subject to a likely maximum of a mere €20 million) – you will probably want to do one of two things:
- You’ll take notice and learn as much as you can about how to ensure your business is bombproof
- You’ll adopt the position that nothing is happening that will affect you because you don’t process personal data anyway
If you fall into the first group you’re probably getting on top of things, but anyone falling into the second will probably not even bother to read this, which is such a shame – for them.
One aspect of GDPR that has caused confusion is what is classed as ‘personal data’, which we’ll examine in a moment, but first let’s lay a few worries to rest.
Changes to the Definition of ‘Processing’
Processing means the collection, collation, storage, retrieval, application and destruction of personal data. It's a wide ranging definition too, anything that can on its own or in connection with other data can identify a natural living person.
It’s always important to remember, particularly when we’re almost all computer dependent, that personal data isn’t restricted to electronic data but includes anything which forms part of a data system. This means that your paper files should also fall under your scrutiny when you are considering your compliance position.
Sensitive Personal Data
Under the GDPR sensitive personal data is regarded as
(a) the racial or ethnic origin of the data subject,
(b) his political opinions,
(c) his religious beliefs or other beliefs of a similar nature,
(d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),
(e) his physical or mental health or condition,
(f) his sexual life,
(g) the commission or alleged commission by him of any offence, or
(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings
(i) Genetic data
(j) Biometric data
S0 the part of GDPR which deals with ‘Processing’ (the term used in the legislation) sensitive personal data needs to be considered, allergies and skin complaints recorded by a hairdresser or beautician will be covered in the same way as a health professional needs to.
GDPR means that the definition of personal data will now include information which can identify an individual.
However, there will be cause for concern amongst organisations that process any data that is designed to identify an individual by IP Address, software cookies, an identification number (think, for example, about mobile phone numbers) or any other online identifier or relating to identifying the location of an individual (as may be applied to augmented reality services, loyalty apps, loyalty cards and free wifi in public spaces).
Exceptions to Stringent Data Control
There are some exceptions when datasets can be pseudonymised (altered in such a way so as to protect the identity of an individual unless a decryption key is used), but the requirements for the security of the key are the same as those which would be required for the data were they not pseudonymised. On the upside, this does enable organisations which deal with large datasets to make those data accessible by members of staff – for example research teams – without those staff members having ready access to individual identifiers.
Whether you Welcome it or not
GDPR is a big topic and there are some who think that it will go away after Brexit, so they’ll only have to keep their heads below the parapet for a year and it will all be over.
That’s neither a practical nor advisable approach.
Time for some practitioner led, pragmatic advice? Talk to us on 01244 300413 or email email@example.com
Get a Quote
About Law Hound
Call us on 01244 300413
We help businesses stay safe – our business risk management consultancy provides clear answers and problem solving know how to your compliance worries
What People Say
have been most impressed by Lawhound. I have been dealing with Steph who took the time to learn and ask about my new business which is something of uncharted territory for both of us. She walked through my business processes and model and anticipated issues that could be cleared up in advance in contract terms and other key documents.This required a bespoke solution starting with a blank sheet of paper and together we developed a set of documents tailored to my specific needs. In practical t…
Extremely high-quality work produced perfectly to our brief and requirements. A very engaging piece for a tricky subject, great communication throughout – would definitely use again.
LH Group is extremely knowledgeable in their areas of law and had excellent communication. They drafted and delivered documents before the deadline! Thank you LH Group.
Great job and very responsive. Highly recommend!
Amazing! Exceeded expectations and time frames on this task. Already have more projects lined up for them.
Top Class, our terms are amazing, well writen and to the point. thankyou.
Law Hound has done perfect and accurate job for me, would definitely recommend their work, many thanks kamila.
New Trade Mark granted, job done! Thanks Guys.
Excellent work, highly responsive, knowledgeable and very good. Would definitely be happy to work with LH Group again and recommend them to anyone interested in getting legal contract work undertaken.
Delivered the document in excellent time for a good price, very pleased with the service and would definitely use LH Group again for any other work like this I may require.