The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. It will alter how all UK businesses deal with personal data, and there are increased fines for non-compliance. Richmond Roofing (Single Ply) Ltd is reviewing its current practices and preparing for GDPR. We want to ensure that our partners are doing likewise.
The GDPR includes similar obligations to the Data Protection Act 1998 (DPA), but compliance will require:
Increased emphasis on the legal basis for data processing; more detailed policies; and additional rights for data subjects.
The GDPR increases the potential penalties for a breach. The maximum penalty will be £20 million or, if higher, 4% of global turnover. This compares to a maximum of £500,000 under the DPA.
Richmond Roofing (Single Ply) Ltd's obligations as a data processor
Where we process data, the GDPR requires us to ensure that we are legally bound to comply with the following obligations:
Process the personal data only on documented instructions, including with regard to international data transfers to a third country or an international organisation.
Ensure our systems are kept secure with both organisational and technical measures.
Ensure all staff are adequately trained in data protection.
Ensure information is kept confidential.
Ensure we do not pass personal information to sub-contractors without their consent and all of the same controls being in place.
Assist us in carrying out our obligations with regard to requests by data subjects to exercise their rights under the GDPR (including the right to transparency and information, the data subject access right, the right to rectification and erasure, the right to the restriction of processing, the right to data portability and the right to object to processing).
Delete or return all personal data at the end of the service provision.
In general, only store data within the European Economic Area.
Make available all information that demonstrates compliance with the obligations, and allow for, and contribute to, audits and inspections.
We suggest reading the following helpful guidance published by the Information Commissioner’s Office:
Overview of the GDPR: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
Any queries can be addressed to our Data Protection Officer at email@example.com or at our registered office address.