On 25th May, 2018, the General Data Protection Regulation (GDPR) comes into effect in the EU and across the UK, impacting all businesses which handle personal data.
By now you should be on your way to complying with the GDPR, having raised awareness in your organisation and either already conducted or planned an internal data audit.
While the GDPR includes a number of important changes regarding cyber-security and data management, one of the most significant involves strengthening the standards for obtaining consent to process data.
Failing to obtain proper consent to process data, which includes contacting individuals, puts you at risk of whopping fines. GDPR’s maximum fine tops out at €20 million, or 4 per cent of global turnover, whichever is higher. The consequences are steep and there is no room for error.
Remember that, although you are not required to automatically ‘repaper’ or refresh all existing Data Protection Act (DPA) consents in preparation for the GDPR, it is important to check your processes and records in detail to be sure existing consents meet the GDPR standard.
If your existing DPA consents do not meet the GDPR’s high standards or are poorly documented, you will need to seek new GDPR-compliant consent.
Use this checklist as a starting point to ensure you comply: