There is a imminent and significant change coming in data privacy law and MSB’s employment and HR specialist, Chris Hayes, says firms need to start preparing now.

General Data Protection Regulation (GDPR) replaces all existing data protection regulation and applies to all companies in the EU, no matter how small, that process and hold personal data.

Personal data is defined as any information from which a person can be identified, either directly or indirectly, and includes a name, email address, bank details, photo, medical information or computer IP address.

According to Chris, who has more than a decade experience in employment law, preparation is key to ensuring companies maximise their ability to comply with the legislation.

He said: “It is a good idea for companies to bear in mind the rights the GDPR affords individuals. Keeping these in mind, will help a company avoid falling foul of the requirements.”

Below are some of the rights individuals will have, in respect of their personal data:

  • The right to be forgotten – individuals can ask a company to delete or remove their personal data where there is no reason for it to be kept.
  • The right of access – individuals can, free of charge, request access to their personal data and ask how it is used.
  • The right to be informed – individuals have the right to know how a company intends to use their personal data and they must freely give their consent to the proposed use of the data. Their consent cannot be assumed.
  • The right to restrict processing – in some cases, an individual can ask a company to store their personal data but stipulate that they are not permitted to process it for any reason.
  • The right to object – individuals can object to a company’s usage of their data.

Chris added: “Our top tip is to remember to record all the steps you take to comply with the GDPR. Accountability is key and you will need to be able to demonstrate your efforts to comply with the GDPR, should the Information Commissioner’s Office come knocking.”