News and developments
Are You Ready For The GDPR?
Anyone in business in the UK who collects or processes data from European Union citizens needs to be aware of the General Data Protection Regulations (GDPR) which come into force on 25th May 2018.
Whether you are a business owner holding a Tier 2 or 5 Sponsor Licence, a director of a company on a Tier 1 Entrepreneur Visa, or a freelancer having entered the UK on a Tier 1 Exceptional Talent Visa, not only must you be up to speed with the changes the GDPR will bring, but your organisation must be fully compliant before they come into force.
OTS Solicitors is a highly-ranked Legal 500 law firm and has years of experience in Immigration Law. Our London-based immigration solicitors can provide companies and individuals with the best advice on the requirements of the GDPR and how to achieve compliance.
What is the GDPR?
The GDPR is an EU directive which was passed on 24th May 2016. The reasons to change the law are two-fold; 1) to bring the law surrounding data protection up to date with the ubiquitous use of social media and cloud computing, 2) to create a uniform regime across the entire EU, a move that is expected to save businesses collectively €2.3 billion per year.
All controllers and processors of data must comply with the GDPR. Failure to do so can result in a fine of €20 million or 4% of global annual turnover – whichever is highest. A data controller is an individual who determines how and why personal data is to be processed, and a processor is someone who does the actual processing.
The British government has made it clear that the GDPR will continue to apply post-Brexit. And it is not only businesses that will be affected. Charities, NGOs, local government and healthcare providers will all need to ensure they are fully compliant with the incoming regulations. Tier 1 Entrepreneur Visa holders who plan to invest in a start-up need to be aware that new ventures must be compliant with the GDPR from day one.
The Information Commissioner’s Office (ICO) will be responsible for enforcing the GDPR in the UK.
The GDPR contains six general principles as laid out in Article 5, which directs that all data must be:
How to achieve GDPR compliance?
The most important first step to GDPR compliance is to conduct a full audit of all your data, establishing what your organisation currently holds, where it is kept and who has access to it. Any weaknesses in your data protection policies and procedures should be identified and dealt with.
You will need to ensure that the personal data your organisations collects is gathered legally and within strict legal guidelines. When processing the data, make sure it is protected from misuse and/or hacking and be available to its owner if requested.
Each business will have its own method for achieving GDPR compliance as there is no ‘one size fits all’ model available.
The ICO states; "You are expected to put into place comprehensive but proportionate governance measures. Ultimately, these measures should minimise the risk of breaches and uphold the protection of personal data. Practically, this is likely to mean more policies and procedures for organisations, although many organisations will already have good governance measures in place."
After making a detailed review of the data held, your organisation should take the following steps to meet compliance:
Even if you are not required to appoint a DPO, it is good practice to have someone in charge of data protection who will ensure your organisation reaches compliance and continues to comply with the regulations going forward.
In summary
Preparation for the GDPR should be on the radar of all companies before we move into 2018. And if you plan to move to the UK in the New Year to join an existing business or launch a start-up, it is crucial that you understand the compliance requirements.
* An example of an ‘opt-out’ clause is “Please tick if you do not wish to receive updates on our latest offers and products.
OTS Solicitors is one of the most respected immigration law firms in London and is a Legal 500 leading firm. By making an appointment with one of our business immigrationsolicitors, you can be assured of receiving some of the best legal advice available in the UK today. Please contact us on 0207 936 9960.