GDPR: Are you Ready?

Commercial Article

16 November, 2017

The General Data Protection Regulation (GDPR) will come into force in the UK from 25 May 2018 and will apply to all 'controllers' and 'processors' of 'personal data'. The education sector holds vast amounts of personal data relating to its employees, students and pupils who are processed into the system, amongst others who are contracted through the schools. It is advisable to become familiar with these provisions at an early stage.

The key provisions being introduced by the GDPR include:

  • Significant increase in the enforcement powers of the Information Commissioner's Office (fines will rise from a maximum of £500,000 to €20 million or 4% of annual global turnover, whichever is higher);
  • All public authorities must appoint a Data Protection Officer;
  • Changes have been made to the 'subject access request' procedure - you can no longer charge for such requests in most circumstances and the time to respond to requests has been reduced;
  • Changes are made to the definition of consent meaning it will be harder to obtain and easier to withdraw;
  • High risk processing with require a Privacy Impact Assessment; and
  • Introduction of mandatory reporting within 72 hours in some circumstances.

How to Prepare?

The changes being introduced by the GDPR are extensive and compliance will take time to implement. We are advising that our education clients take the following steps in order to prepare:

  • Appoint a Data Protection Officer if you are required to do so;
  • Carry out an information audit to establish what personal data is held and the reasons why, where it is stored, who it is shared with, who has access to the information and how long the personal information is kept for;
  • Create a clear record of data processing activities, including consideration of whether it is necessary to obtain consent in certain circumstances and if so, how and when consent was obtained;
  • Review your existing policies, procedures and privacy notices to ensure that they are amended to comply with the GDPR;
  • Review any existing contracts that will still be ongoing in May 2018 to determine whether any amendments are required so that they are GDPR compliant; and
  • Consider what training employees will require ensure that they are aware of the GDPR and how to comply with the rules to reduce the risk of a break and mitigate the consequences if there is a breach.

If you are looking for any more information with regards to our services view our Education section. You can also contact Ruth Rule-Mullen in our Education department via email or phone on 01772 220195. Alternatively send any question through to Forbes Solicitors via our online Contact Form.

Back

16 Nov 2017

Commercial

NEWS AND ARTICLES

GDPR: Are you Ready?

The General Data Protection Regulation (GDPR) will come into force in the UK from 25 May 2018 and will apply…

Read the article

Very thorough and precise with each contract and have made it very easy for us to feel very confident going into new territories, whether it being a different country or a different manufacturer.

Patrick

More clients

Have dealt with several staff at Forbes. Always very clear, professional and approachable. Happy to recommend them and will use again.

Steve

More clients

John brings a high level of expertise which we're sure will benefit our members.

Andrew Hamilton
Training Manager
NWL Chamber of Commerce

More clients

Forbes Solicitors have acted on behalf of WEC Group Limited for many years providing advice on a range of matters including Corporate & Restructuring and Commercial Property.

Wayne Wild
Director
WEC Group Limited

More clients

John provides practical and concise advice and support in a professional and timely manner.

Gavin Birchall
Director
Dose Design

More clients

Thanks John, your services have been impeccable and as such I will have no hesitation to recommend both your services and those of Forbes Solicitors.

Gill Bond
GM Bespoke Events

More clients

Make an enquiry