NEW - General Data Protection Regulation

Wandsworth Chamber Helping Members Achieve GDPR Compliance

What is GDPR?
​The General Data Protection Regulation is a new set of rules that governs the privacy and security of personal data and replaces the Data Protection Act.
 
GDPR will apply from 25th May 2018 and from this date, all companies must be fully compliant.
 
Any fines imposed for not being compliant are required to be effective, proportionate and dissuasive and can be up to 20 million Euro or 4% of turnover, whichever is the greater.
 
The definition of 'Data' is more detailed than before and includes online identifiers such as IP addresses.
 
GDPR applies to both automated personal data and to manual filing systems where personal data are held.

 In summary, if you keep any customer or staff records you will need to comply with the new rules.

Lawful processing

For processing of data to be lawful under GDPR, you need to identify a lawful basis before you can process the data. You need to identify the lawful basis for the processing and document it, before the processing takes place.


Accountability
You are expected to put in place comprehensive but proportionate governance measures and in some circumstances, privacy impact assessments and privacy by design are legally required.

These measures are aiming to minimize the risk of data breaches but will mean that more policies and procedures are required.

How can Auditel help your business?

• We are able to audit and provide a gap analysis to identify where work is required to become GDPR compliant.
• We can assist with data impact assessments and have a comprehensive toolkit to make easily prepare required policies and procedures.
• We can provide regular support and audits to prove compliance.
• Using Auditel to ensure your business is and remains compliant will allow you to focus on your customers.

Contact Auditel through the Wandsworth Chamber Member's Area