General Data Protection Regulations (GDPR)
If you process personal data about an individual you will have to comply with the new General Data Protection Regulations.
The GDPR is coming into effect to provide a unified data protection law across 28 EU Member States. Employers should be aware of the implementation date of 25th May 2018.
Increased Legal obligations
Employers need to know individuals rights will be increased. The GDPR will place stronger legal obligations on employers. The fines for breaches of the regulations will be higher than they currently are and so it really is not worth putting it off.
Subject Access Requests
There will also be a change to subject access requests, currently an employer can charge up to £10 to cover administration costs. The new GDPR removes the £10 administration fee. The time-frame of 40 days to provide the information requested is being reduced to one month.
As you would expect, the regulations can be interpreted at the discretion of the employer. If a subject access request is ‘manifestly unfounded or excessive or repetitive ‘ you can can a ‘reasonable fee’.
The infographic below provides you with an overview of what to expect. It is essential you start to understand this and make necessary changes to policies and procedures. Your managers will require training and this is a great time to start and factor into next year’s budget and strategic business plan.
For additional help, support and information about how it impacts on your business, please contact us.