Is Your Business GDPR Compliant?

Image courtesy of Descrier

The General Data Protection Regulation is potentially the most important change in data privacy regulation in 20-years. Are you ready for it?

What is GDPR?

General Data Protection Regulation is a new regulation drafted by the European Parliament, The Council of the European Union and the European Commision. The new legislation is intended to strengthen and unite data protection for all individuals within the EU.

The United Kingdom currently follows the data protection act of 1998. A bill that had been written and passed before the internet boom. The new legislation will be enforced on the 25th of May 2018 and will allow an individual to have more control over what companies can do with their personal data.

Do I need to be GDPR compliant if we are leaving the EU?

Even though the UK is currently preparing to leave the European Union all UK businesses that have handled or will handle EU citizens data will need to comply.

The new legislation will be enforceable by May 25th, 2018. This will be a year before the United Kingdom officially leave the European Union. As a result, the UK government has confirmed that the regulations will need to apply to any business handling data.

Key GDPR points

Consent – GDPR will strengthen consent, making sure that companies no longer use illegible terms and conditions. The request for consent will need to be given in an intelligible way through an easily accessible form. You will also need to attach your purpose of data processing to the consent form.

Data breaches – Under the GDPR regulations breach notifications will become mandatory. When a data breach is going to result in the risk for the rights and freedom of individuals. You must notify users within 72 hours.

Right to access – GDPR will expand upon the ‘Right to Access’ The right to access will allow you to obtain any information that business stores about you. As a business, you will be required to provide the customer with a copy of their personal data, free of charge. This should be in an electronic format.

Right to be forgotten – European Union citizens will be able to request the controller to not just delete their personal information but they can also request the organisation to stop sharing it with other third-party agencies.

Are you GDPR ready?

Is your business GDPR ready? If not you don’t have long. GDPR will become enforceable on the 25th of May 2018. Just a mere 37 days away. If you would like to find out more information about GDPR and the effects it will have on your business.

What are we doing?

Here at Gambit Nash, we have already started the process of complying with GDPR regulations. If you would like more information on GDPR you can visit