LawBite’s Countdown Checklist for GDPR | Part One

April 20, 2018

There are only six weeks to go until the new General Data Protection Regulation (“GDPR”) comes into force. If you are yet to start preparing your business you may be starting to panic, but it isn’t too late to act. Follow LawBite’s easy to digest countdown guides each week from now until enforcement on May 25th, in which we will cover each of the six key principles of the GDPR and explain what you need to do in order to get your business up to speed.

Principle 1: Data must be processed lawfully, fairly and in a transparent manner in relation to individuals

GDPR seeks to ensure that personal data is processed ‘lawfully, fairly and transparently’ in relation to individuals, without adversely affecting the rights of a data subject. Transparency is a key theme running through GDPR, but what does this really mean and how can compliance be demonstrated? It’s actually pretty simple if you think of personal data as only being on loan to you from the data subject. Take the same kind of care with their data as you would if you were borrowing a friend’s car, for example. Remember that at any time they can ask for it back or check you are using it properly and, importantly, that they retain control over what you do with it.

The legislation requires that you make available a privacy notice at the time you are collecting an individual’s data. Make sure any notice is fit for purpose and sets out in clear, unambiguous language how you collect data, what kind of data you are collecting, why it is being collected, how long it is kept for and whether or not it is passed on to third parties. It must also explain the data subject’s rights, including their right to withdraw their consent and their right to lodge a complaint and, importantly, how they can contact you. Now is not the time for jargon and it is important to be explicit and say exactly what you mean! It’s also obviously important to mean what you say, so ensuring that robust data handling policies are not only in place but are also understood, embraced and adopted throughout your business will stand you in good stead.

In terms of the lawfulness of processing personal data, most organisations will rely on the ground of consent. Any consent you seek to rely on must be freely given, specific, informed and unambiguous, so pre-ticked boxes, for example, are no longer an acceptable way of obtaining consent. Any existing consents must be brought into line with GDPR, so if you are in any doubt, obtain new consents and keep clear records showing you have done so. Of course, consent is not the only legal basis to rely on but, whichever you opt for, in the spirit of being fair and transparent, it must be clearly identified in your GDPR documents and privacy notice.

Overall, the main things to remember are that you must tell people what you are doing with their data and ask their permission to do it. And never assume an individual’s consent from their failure to respond!

Next week, part two: The purposes for which data may be collected under GDPR… don’t miss it!

To consult with Jessica, please submit an enquiry for a free 15-minute consultation or call our dedicated GDPR Hotline 0845 241 1843.

Also, we have put together a special LawBite Rescue GDPR Package for clients who need a little extra last-minute help with compliance. Our LawBite GDPR Rescue Package contains 12 GDPR compliant document templates crafted by our expert data protection lawyers and written in plain English. The Rescue package templates include Terms and Conditions of Website Use, Privacy Policy for Website, Data Protection Policy, IT Security Policy, Clauses for staff agreements and Consent options for Data Processing.

In addition to GDPR templates, the package contains a 30-minute GDPR audit consultation and an additional 2 hours of specific GDPR legal advice, all for only £495 + VAT (versus £675 + VAT).

jessica
