A chance to hear the latest on employment, property, corporate and restructuring and insolvency and to ask questions and share your opinions.
DATE: Thursday 7 May 2020, 10:00am - 11:00am- delivered via Zoom Video Conference
“Not another article on GDPR!” I hear you cry. Businesses are increasingly aware that they need to be GDPR compliant by 25 May 2018 and are trying to work out what that means for them. There is plenty of information out there, but it is often vague, confusing or too long. With this in mind we have come up with a straightforward list of “GDPR Do’s and Don’ts” for most small and medium-sized businesses:
1. Under GDPR, you need to be able to demonstrate that you are compliant. This means that you should carry out a data audit, to establish:
a. What personal data you hold (it should be relevant, limited to what is necessary and where applicable kept up to date);
b. Do you hold any sensitive data i.e. health, sexual preference, religious belief etc. (you may need explicit consent if you do);
c. On what lawful basis you are processing it (see para 2 below);
d. Where you are holding it (you have to keep it secure and so should not be holding it in more places than you need to);
e. How long you hold it for (you should only be holding it as long as you need it);
f. Who you share it with (you need to tell the data subject who you share it with);
g. Where you got it from;
h. If any data is being processed outside Europe i.e. on the cloud (if so, you need to check it is compliant and tell the data subject);
i. What you have told the data subject about it (see para 5);
j. Do you hold any data on children under the age of 13 (if so, you must give clearer, age-specific privacy information and, if you are providing social networking services, their parents need to consent).
2. You should only process data if you have a lawful basis for doing so. Examples of this may include:
a. You need to process the data to perform a contract i.e. you need their name and address to send them the product;
b. You have a legitimate interest to process that data, the data subject would reasonably expect you to process the data in that way and it is not unfair for you to do so; or
c. The data subject has given their consent.
3. Consent is much harder to demonstrate under GDPR. It cannot be given as part of the terms and conditions. You cannot use a pre-ticked box and you need to have a record of exactly how the consent was given. This means that most consents given pre-GDPR will not be compliant and new consents will be required.
4. You can use “legitimate interests” instead of consent as the basis for sending direct marketing (e-mail, phone and mail). However, you would have to be sure that the recipients would expect you to contact them in that way and it must be proportionate. It should be noted that you cannot send direct marketing e-mail to consumers unless:
a. They have given their consent; or
b. (i) You received their details when they purchased or were looking to purchase goods or services from you (ii) you are sending them marketing information about similar products and services and (iii) you gave them an opportunity to opt out of receiving those e-mails when you first sold/offered them the goods or services and they have had the option to unsubscribe in each subsequent e-mail communication.
5. You need to include updated privacy notices on your website and link to that notice in e-mail footers. The privacy notice should set out amongst other things:
a. The purpose for which you are processing the data;
b. The legal basis on which you are processing the data (i.e. consent/performance of contract/legitimate interests);
c. How long you are holding the data for.
This means that you will need different sections in your privacy notice to cover the different types of data and different ways you process the data (i.e. a different section for customers, prospects, suppliers, prospective employees, website visitors).
If you collect data from someone other than the data subject, you should provide the privacy notice to the data subject within a month of it being collected.
6. Any contracts where you process data on someone else’s behalf or vice versa should include specific provisions set down by GDPR on how the data is being processed.
The date that GDPR comes into force, 25 May 2018, is drawing ever nearer; however, there is still time to get your procedures compliant. Jon Rathbone in the corporate and commercial team at Hughes Paddison can help you with these matters. If you'd like to discuss GDPR and better understand your obligations, give us a call on 01242 574244.