After several years of preparation, the General Data Protection Regulation (GDPR) came into effect on 25 May 2018.

With more responsibility placed on organisations and severe penalties for non-compliance hanging over business owners’ heads, it’s easy to get caught up in a sense of panic.

It’s important to take the new rules seriously, but don’t let that overshadow the main aim of the legislation – to better protect your data.

What do the rules entail?

The GDPR is designed to give individuals more control over their personal data.

As an individual giving information to an organisation, this means you have more rights regarding how they handle that data, and what you can ask of them.

This includes the right to:

  • ask organisations for a copy of the data they hold on you
  • find out how information is being used
  • have data deleted or corrected.

It also means businesses are held accountable for the way they deal with your personal data, and are required to have secure systems in place for storing it.

Data protection by design

It can sound like one of many buzzwords surrounding the regulations, but the concept of data protection ‘by design and by default’ is not new.

It’s based on the principle that businesses should integrate data protection and privacy into all their systems and activities, rather than adding measures on as needed.

This has always formed a key part of data protection law, but the GDPR makes it a legal requirement.

Steps we’ve taken

Your personal data is important, and you don’t want it to be handled carelessly.

This is particularly pertinent when it comes to your financial information, so it goes without saying that you’ll want to know it’s in safe hands.

We’ve always handled our clients’ information with care, but the regulations have brought an additional focus to data security.

To keep our clients’ data private, our emails are encrypted. This protects our communications from being read by anyone other than the intended recipient.

We also use a high-security portal called IRIS OpenSpace to exchange information with clients for our payroll service.

The 25 May deadline was the start of the GDPR, not the end of it – so we’re working continuously to keep your data secure.

Find out more

Any organisation that deals with the personal data of EU citizens needs to comply with the GDPR.

Visit the ICO website for more guidance on how this affects you and your business.