Some people think that their business is too small, doesn’t deal with financial services, or doesn’t have enough clients to think about data protection. None of these matter, the new Data Protection law will affect every business holding any amount of personal data (data relating to individuals).
Any personal data is covered, it doesn’t matter whether the individuals are customers, patients, guests, employees, suppliers or associates. If your business holds details about individuals (such as telephone numbers or email addresses) it needs to comply with the law.
The Channel Islands already have data protection laws and every business holding personal data must register with the Data Protection Commissioner and has the obligation to keep personal data secure. So, what’s changing?
- Individuals will have more rights over their data and who holds it
- Those holding or processing personal data will have greater responsibility
- More care will need to be taken with “special category” data (for example, information about a person’s health conditions)
- Consent to hold data will have to be positively given
- Inadvertent release of data (breaches) will need to be reported to the regulator and to those individuals whose data is compromised
- There will be big fines for those who don’t comply
The team at Midshore bring together a variety of skills, including data management, regulatory implementation, internet security and compliance to bring you a holistic solution. Data protection isn’t just an IT issue, it’s an issue for the whole business and needs to be treated as such.
For more information on our GDPR services, please see the attached PDF and our dedicated GDPR section on our website: