The General Data Protection Regulation (GDPR) is due to come into force on 25 May 2018. The new GDPR will mean that some companies might have to change their current practices to ensure they comply with the new laws! This could be scary for a variety of businesses, especially if you’re not sure what changes are going to happen!
Luckily for us, A-Storage attended a GDPR seminar at The Hilton Hotel in Bournemouth last week. The informative seminar was run by the knowledgeable Laceys Solicitors. Laceys Solicitors have helped many Bournemouth businesses in the past with legal issues and data compliance. Edwina Young and Luke English headed up the event and they brought us all up to date on the key changes, how they would affect our businesses and how we could prepare early!
This doesn’t just affect Self Storage Companies in Bournemouth, so, in order to help other companies adjust to the new GDPR, we thought we would share parts of the seminar, with permission from Laceys Solicitors of course.
| Term | Definition |
|---|---|
| Personal data | Information relating to an identified or identifiable natural, living person. This means that customer information that is stored by a reference number or code will be classed as personal data. |
| Data subject | The individual to whom the personal data relates (including customers, employees, suppliers and individuals who are caught on CCTV cameras). |
| Data controller | An organisation that determines the way in which personal data is processed. |
| Data processor | An organisation that processes personal data, but only in accordance with the instructions of the data controller. This can include subcontractors and agents. |
| Processing | Collecting, disclosing, storing, using or any other operation performed upon personal data. If you use personal data in any way you will be “processing” it. |
| Special categories of personal data | Specific types of personal data that require additional protection, including data relating to racial / ethnic origin, trade union membership or physical / mental health or condition. Previously known as sensitive personal data. |
A few basic principles:
These are largely the same as those currently in force:
- Data must be processed lawfully, fairly and in a transparent manner. Organisations must be upfront with individuals, explaining how they will use their personal data and taking their interests into consideration.
- Data must be collected and processed for specified, explicit and legitimate purposes. One of a number of conditions must be met before data can be processed (for example where the individual has given their consent).
- All data must be accurate and kept up to date. Incorrect data must be corrected.
- Data must be kept for no longer than is necessary. Organisations should periodically destroy personal data where they no longer have a reason to store it.
- Data must be kept secure and confidential. Appropriate steps must be taken to help ensure that data is not lost, stolen or unlawfully disclosed.
Some key changes:
- Where an organisation relies on consent in order to process personal data, they now need to ensure that this is freely given, informed, specific, unambiguous and documented. Businesses will not be able to rely on implied consent (such as “unless you tell us otherwise we will assume that you are happy for us to …”).
- Organisations will need to obtain the consent of a parent or guardian in order to offer an online service to anyone under the age of 13 (in the UK – this may be different in other EU countries). If businesses are directing their goods or services at children, they will also need to ensure that their privacy notice (the notice that sets out the way in which you process personal data) is written in a way children will understand.
The scope of data protection has expanded:
- Non-EU businesses that offer products to, or monitor the behaviour of, EU citizens must comply.
- IP addresses and online identifiers are now specifically included within the definition of personal data.
- All manual filing systems are now included in the scope of personal data where personal data can be accessed by specific criteria.
This is only a small chunk of what is going to change. If you would like to find out more, get in touch with Laceys Solicitors. You can find their contact details here!
As a small business ourselves, we highly recommend this. This is valuable not only for Storage Companies in Bournemouth but for other SMEs in Bournemouth, Poole, Christchurch and Dorset. After all, you can never be too prepared!
The information provided in this article has not been tailored for any particular person or organisation and is not a comprehensive treatment of the subject matter covered, and should not be relied on as such. Legal advice should be sought about your specific circumstances before taking any action with respect to the matters discussed. Further guidance and legislation are due to be implemented by UK and EU authorities and so there is no guarantee that the information set out in this document will remain correct. Up-to-date advice should always be sought.