The BOSS Federation is the trade association which serves the UK office supplies and services industry by providing a range of initiatives, cost saving benefits and services, to enhance the business performance of its members.
Preparing your business for the GDPR
17 August 2017
The current Data Protection Act will be replaced with the new General Data Protection Regulation (GDPR) on 25 May 2018 to protect personal data. A business that is not GDPR compliant could face a fine of €20m or 4% of its annual turnover.
For companies that employ fewer than 250 staff, the GDPR imposes some direct obligations on data processors that you will need to understand and build into your policies, procedures and contracts.
You may find that your customers will want to ensure that your services are compatible with the enhanced requirements of the Regulations. If this is the case, you will need to review if your contractual documentation is adequate and, for existing contracts, check who bears the cost of making changes to the services as a result of the changing regulations.
If you obtain data processing services from a third party, it is very important to determine and document your respective responsibilities.
All companies will need to put in place clear policies and practised procedures so that they can react quickly to any data breach and notify the regulator in time where required. You will need to establish a culture of monitoring, reviewing and assessing your data processing procedures, aiming to minimise data processing and retention of data, and building in safeguards. You must also check that your staff understand their obligations. Auditable privacy impact assessments will also need to be conducted to review any risky processing activities, and steps should be taken to address specific concerns.
To help your business prepare, BOSS is offering members a General Data Protection Regulations Workshop via the BPIF on Tuesday 19 September.
- What is the GDPR?
- Principles of the GDPR
- What is ‘data processing’?
- What is ‘personal data’?
- The legitimate interest assessment
- Consent, policies and privacy notices
- Objections and opt-outs
- Data protection/security
- Data breaches
- Creating an action plan
You can book a place at the member rate by clicking the button below. Now is the time to prepare your business!