GDPR: Need to Know
The General Data Protection Regulation (GDPR) is a new European Union data protection law that will come into effect in the UK on 25 May 2018. Are you prepared?
VisitScotland has written this very useful article offering recommendations and advice on how to deal with GDPR, which Business Loch Lomond has reproduced here for the benefit of tourism and hospitality businesses in our area.
Please read on and make use of the references and links for further information.
Data protection is about personal information and how it is managed.
Personal information refers to the details that you hold about your customers or staff. It includes data such as name, email address and telephone number. It could also include potentially sensitive information such as a birthdate, bank account or passport number.
The Data Protection Act that is currently in place was passed in 1998. Since then, technology and how we collect, manage and use personal information have changed a great deal. The GDPR legislation aims to remedy how personal information is managed in an increasingly digital world.
You must comply with GDPR requirements, so it is vital to know your obligations.
To best comply, we suggest that you assess your policies, practices and procedures associated with personal information.
The current Data Protection Act already requires that you manage this kind of data fairly and accurately, and that you retain it for no longer than you need. It is, however, important to familiarise yourself with GDPR in order to ensure that you comply with this new legislation.
This is an opportunity to review how you currently process the personal information that you hold. You may, for example, need to review the privacy notice that applies to your website.
Useful resources and support
VisitScotland has produced an in-depth, easy-to-understand guide which provides information on what your business should be doing with regard to GDPR and customer data:
► VisitScotland's 'A Guide to Registration and Data Protection'
The Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest. It administers data protection in the UK and offers GDPR guidance and support detailing what is required:
► ICO's getting ready for the GDPR - FAQs and resources
► ICO's preparing for GDPR checklist - 12 steps to take now
Business Gateway have also produced four videos to help businesses prepare for the move to GDPR:
► Business Gateway's GDPR online tutorial videos (account registration required)
If you have further queries about your obligations and how to comply, please contact the Information Commissioner’s Office.