May 25th Was a Game Changer for Businesses, says Gibbons Mannington Phipps
6th August 2018
... Comments

This year on May 25th last GDPR (General Data Protection Regulation 2016/679) was introduced to the United Kingdom and enacted across the entire European Union.

Think of GDPR as a beefed-up Data Protection Regulation that is now UK Law, the penalties for breaches of which can be serious for any business. The Regulation protects the privacy of all living individuals within the European Union and the European Economic Area – the EEA. It addresses the export of personal data outside of the EU and EEC.

GDPR aims primarily to give control to citizens over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

The GDPR sets out seven key principles:

  1. Lawfulness, fairness and transparency, inform the subject what data processing will be done, what is explained must be what is done with the data, data processing must be in line with GDPR.
  2. Purpose limitation, personal data can only be obtained for “specified, explicit and legitimate purposes” and no other, without further consent.
  3. Data minimisation, Data collected on a subject should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”.
  4. Accuracy, Data must be “accurate and where necessary kept up to date”,baselining ensures good protection and protection against identity theft. Data holders should build rectification processes into data management / archiving activities for subject data.
  5. Storage limitation, GDPR requires that personal data is “kept in a form which permits identification of data subjects for no longer than necessary”.
  6. Integrity and confidentiality (security), requires processors to handle data “in a manner that is appropriate to protect the security of the personal data including protection against unlawful processing or accidental loss, destruction or damage”
  7. Accountability, the accountability principle requires you to take responsibility for what you do with personal data and how you comply with the other principles.

You must have appropriate measures and records in place to be able to demonstrate your compliance.

The fines for non–compliance are punitive, businesses and organisations who have not acted already should do so now. Businesses that have taken action should double check to ensure that their actions are appropriate.

Gibbons Mannington and Phipps LLP, Chartered Accountants have offices in Bexhill, Rye and Tenterden, giving top level Compliance advice to businesses across the entire area. With well over 100 years of excellent Accountancy service to businesses and individuals they are an outstanding professional business with a local face.

All of the Partners are qualified Chartered Accountants and the firm has extensive knowledge of specialist areas including Farming, Charities, Medical and Dental Practices, Audit, Personal Tax and Taxation of Owner Managed Businesses.

Since the Data Protection Act 1998 has now been superceded by GDPR, all responsible owners and managers must take pro active steps to protect their businesses by ensuring that they are fully compliant.

About the Author


Member since: 22nd March 2018

Cale is the Owner of 'thebestofHastings', the award winning franchise, providing integrated marketing solutions to SMEs, connecting to the Hastings community and promoting local events in 1066 Country....

Popular Categories