
- Employment Law
Peninsula Group, HR and Health & Safety Experts
In this guide we’ll explain what GDPR covers, who it applies to, and how to ensure your business complies with the rules.
The growth of online services has changed how personal data reaches your business.
An individual simply visiting your website can give you a lot of information, and you're responsible for keeping that data safe.
The EU overhauled its previous data protection rules with the General Data Protection Regulation (GDPR). You must comply with GDPR when handling personal information, and failure to do so can lead to significant fines for your business.
GDPR stands for the General Data Protection Regulation. This is the privacy law drafted and passed by the European Union (EU).
The regulations seek to protect those subject to data processing, and ensure they have rights over how and why their data is used.
There’s no specific GDPR act in the UK, but this regulation led to the introduction of the Data Protection Act 2018.
GDPR regulations came into force on 25 May 2018.
Despite being based on EU law, the UK continues to follow GDPR, Brexit or not.
These principles are said to lie at the heart of the data protection regime:
There are also several rights enshrined within the GDPR regulations. These include:
The GDPR principles apply to those who process and store personal data relating to individuals. Therefore, it’s likely many organisations will fall within the rules.
If you fall within the scope of GDPR, you must do one of two things: either appoint a specific GDPR data controller or be jointly responsible for compliance with GDPR data protection rules.
You’ll also have to decide the purpose for which the data is gathered, and what specific data is needed.
For GDPR compliance, you must have documents and processes that show you’re following the rules and ensure data protection. Therefore, it’s very important that organisations implement a GDPR policy, and conduct GDPR training for all their staff.
Your GDPR policy sets out how your organisation uses personal data, and how it’s protected.
Your policy should include:
The Information Commissioner’s Office (ICO) must be informed of any GDPR breaches, unless you can show the breach is unlikely to result in a high risk to individuals’ rights and freedoms.
Failure to notify the ICO of a breach can result in GDPR fines of up to £8.7 million, or 2% of global turnover.
If there’s a high risk to an individual’s rights and freedoms, then the individual will also have to be told. This notification must be within 72 hours of the breach.
Read our guide on employee breaches to learn how to avoid data breaches.
With data being gathered from many sources, it can be difficult to keep track of and manage the information you hold. But failing to do so can be disastrous for your business.
With Peninsula, we can clarify what steps you need to take to ensure legal compliance. And our expert team can draft policies to ensure all your staff know the correct procedure.
Not a client yet? You can still enjoy a free advice call from one of our business experts. Simply call us on 0800 028 2420.