{"id":5398,"date":"2017-10-25T09:37:31","date_gmt":"2017-10-25T08:37:31","guid":{"rendered":"https:\/\/www.qualitycompanyformations.co.uk\/blog\/?p=5398"},"modified":"2024-01-30T11:00:56","modified_gmt":"2024-01-30T11:00:56","slug":"gdpr-will-affect-company","status":"publish","type":"post","link":"https:\/\/www.qualitycompanyformations.co.uk\/blog\/gdpr-will-affect-company\/","title":{"rendered":"What is GDPR and how will it affect my company?"},"content":{"rendered":"

Customers across the globe have become increasingly wary about the way in which companies are using and sharing their personal data. That’s why, in May 2018, the European Union stepped in with sweeping legislation designed to empower consumers and punish companies for infringing on people’s privacy. It’s called GDPR, and if you handle any data whatsoever, it affects the way you do business.

We’ve created a brief guide to help you understand GDPR rules and how your company can operate within them.

Big data has completely revolutionised the way companies do business. Thanks to rapid IT developments, companies now have unprecedented access to information about their clients, customers, marketing leads and everything in between. It’s fantastic for business owners attempting to improve their services and strengthen sales – which is why a staggering 85% of companies are trying to become more data-driven. But with great power comes great responsibility.

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework set up by the EU, which came into law in the UK in May 2018 via the Data Protection Act 2018. Its rules apply to all European states – including the United Kingdom. The UK Government has stated it intends to incorporate the GDPR into UK data protection law after the end of the transition process of leaving the EU, which could be effected in practice by not amending the Data Protection Act 2018, which has already incorporated it.

GDPR spells out the way “controllers” and “processors” use and store information. If you’d like to learn more about controllers and processors, the Information Commissioner’s Office (ICO) has an all-encompassing guide spelling out exactly who they are and how to tell the difference.

The most important thing about GDPR is the penalty your company may be liable to pay if you’re found not to be compliant. Under GDPR rules, the ICO can impose fines of up to €20 million or 4% of your company’s worldwide turnover – whichever is greater.

How does GDPR work in practice?

GDPR imposes tough rules on companies in several key data and privacy areas.

First and foremost, GDPR penalises companies for being unclear with customers when signing them up for marketing communications. Individuals must explicitly opt in and give consent for any company newsletters, marketing calls or other messages.

If your business uses online forms, you cannot use pre-ticked boxes. Your company must also clearly communicate its intention to use data and approach individuals via multiple platforms. That means if you’re going to contact a customer via email and SMS, you need to spell that out on your enquiry form, so that they can pick and choose how you’ll be using their data at a granular level.

GDPR also contains robust privacy regulations. Companies must explain how and why they’re using data, how long they’ll hold on to it, explicitly state the third parties they might be sharing it with, and explain that individuals have the right to opt out or complain if they’re not happy with how their data is being used.

The trickiest issue for companies in terms of GDPR compliance is grandfathering consent. Companies are only able to process and keep data about staff and customers that was collected under the previously outlined rules about giving explicit consent.

Companies are allowed to “grandfather”, or keep using data collected before May 2018, as long as it was gathered in a way that was already GDPR-compliant – but examples of pre-existing compliance are rare.

Another crucial aspect of GDPR is that it stipulates that large businesses and public authorities need to appoint a designated Data Protection Officer to be responsible for all of this data. You’re allowed to appoint a single data protection officer to act for an entire group of companies if you need to. This doesn’t apply to small companies, unless they’re engaging in large-scale systematic monitoring or handling of sensitive personal data.

GDPR also contains child protections in terms of data. All potential enquirers under the age of 16 must provide companies with explicit permission from a parent before they’re allowed to process user details.

Finally, GDPR is safeguarded against national borders by its clauses on international data use. Even if your company is based outside the UK, it must comply with all GDPR rules if it’s using or monitoring any data relating to an EU citizen. Likewise, your company must obtain explicit permission from an individual to transfer or use their personal data anywhere outside the EU.

Consent and privacy

If your company needs to be GDPR-compliant, valid consent is going to be the first major hurdle. Consent is defined as a freely given, specific, informed and unambiguous indication of the individual’s wishes. If you want to use a customer’s information to process a sale or keep in touch with marketing emails, that’s what you need to obtain.

More importantly, you’ve also got to keep records so your company can demonstrate that consent has been given by the individual.

All requests for consent must comply with the following rules: