Employers should identify who will need a Data Privacy Notices (DPN), determine what should be in them, and revisit their processes and procedures and staff training, to ensure the right individuals receive a DPN at the right time, in readiness for the General Data Protection Regulation (GDPR).
Businesses owning a database will welcome a legal ruling that will help them decide if they enjoy a database right, so that the database is therefore protected from being reused by someone else.
Organisations should be identifying and preparing to implement necessary changes now, ahead of the new General Data Protection Regulation (GDPR) which is due to come into force in May 2018.
Building customer loyalty gives you a high return on the time, effort and money you invest in providing good customer service. Loyal customers buy more, more regularly, and the cost of selling to them is low. And they will frequently recommend your business to others.
Direct mail and email can be very cost-effective ways of marketing your business, allowing you to reach large numbers of customers at low cost. Email offers immediacy and low cost, while welldesigned direct mail can really stand out.
Business information can be an important contributor to your competitive advantage. Good filing and record-keeping systems make sure you have what you need, and avoid wasting time and effort looking for misfiled information and misplaced files.
GDPR: not too late to ensure that real data protection risks will be addressed
The article reports on the European Union's General Data Protection Regulation (GDPR). Topics discussed include why many parts of the regulated community thinks that the GDPR plans may not be fit for purpose; concerns that important data protection risk scenarios have not been addressed.
The rights and wrongs of GDPR compliance
The article discusses the General Data Protection Regulation (GDPR) which creates an onus on companies to understand the risks they create for others and mitigating the risks. It states that GDPR obliges the organisations to take review on how they process personal data, like the customer database. It states that GDPR is heavily linked with personal data which is a concern for the information technology sector.
Why GDPR is great for SMEs
The article reports that General Data Protection Regulation (GDPR) of European Union (EU) should be seen as an opportunity for small businesses to get their houses in order and create operational efficiencies. It mentions the views of Jane Dixon, marketing specialist SmartFocus, on Small business. It states that GDPR preparation is the improvements and savings it brings to information technology (IT) security management.
When an employee leaves, for whatever reason, it is vital to get everything right, from reclaiming your property to ensuring your confidential information is kept secret after the employee leaves. Check out the key steps to take for a trouble-free termination.
Using CCTV at work is subject to data protection and human rights law, and could also breach your duties to your employees. Check out the pluses and minuses of using CCTV, and what you have to do to stay within the law.
Keeping your customer information accurate and up to date is vital. Failure to do so could result in costly and possibly embarrassing mistakes.
Legislation and regulations
Reform of EU data protection rules
Summary of the changes to data protection law in the EU. The new regulation entered into force on 24 May 2016 and will apply from 25 May 2018. The site includes factsheets on data protection reform.
Data Protection Act 1998
Full text of the act that came into force on 1 March 2000. It applies to computerised personal data, and to personal data held in structured manual files.
Data Protection Directive 1995
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
This is not an exhaustive list of legislation on data protection. The ICAEW Library holds numerous print publications on data protection law and also subscribes to electronic databases with the complete text of UK legislation. For information on accessing these resources, please contact the Library.
Information Commissioner's Office (ICO)
Guide to data protection
Detailed guidance for UK organisations, covering:
- key definitions of the Data Protection Act
- data protection principles
- processing personal data fairly and lawfully
- the rights of individuals
- information security
Preparing for the General Data Protection Regulation (GDPR): 12 Steps to take now
Practical checklist from the ICO highlighting twelve steps organisations can take to help plan for the General Data Protection Regulation which is due to come into force in the UK on 25 May 2018.
Guide to the General Data Protection Regulation (GDPR)
Guide from the ICO explaining the provisions of the GDPR and what organisations need to do to comply with its requirements. Includes ‘In brief’ summaries and checklists as well as more detailed content in key areas.
Getting ready for the GDPR
Checklists from the ICO to help data controllers and data processors assess high level compliance with data protection legislation.
What to expect and when (GDPR)
Update from the ICO on the guidance being produced to help controllers prepare for the General Data Protection Regulation in May 2018. Includes details of the ICO’s recent work in this area and guidance planned for the future.
A series of blog posts from the ICO aiming to bust some of the myths that have developed around General Data Protection Regulation compliance. Topics covered include data breach reporting, new fining powers and the issue of consent.
Code of practice on use of CCTV by employers with special reference to CCTV in pubs.
Information on how to apply the Privacy and Electronic Communications Regulations, with practical examples and frequently asked questions.
Information for small businesses on the Employment Practices Code with links to the full Code and supplementary guidance.
A range of guides and information aimed at SMEs.
Protection of personal data
Comprehensive guide to data protection issues within the EU. Topics include:
- obligations of data controllers
- handling complaints
- protecting personal data
- data protection bodies
Article 29 Working Party Guidelines
EU level guidance on the General Data Protection Regulation. Produced by the Article 29 Working Party, an independent European advisory body on data protection.
Data protection and your business
Guide from GOV.UK covering issues relevant to organisations, including:
- managing staff records
- monitoring staff at work
- using CCTV
Being monitored at work: workers' rights
Guide from GOV.UK for employees monitored through CCTV, bag searches, email checking and other methods.
Data protection guidance
Guidance from the Ministry of Justice on the application of the Data Protection Act 1998, including:
- Undertaking privacy impact assessments: The Data Protection Act 1998
- How data protection affects my business or organisation
- Jargon buster for data sharing and protection
The state of cyber resilience: EY's global information security survey 2016
Latest edition of EY's annual survey report looking at how organisations are addressing current threats and how businesses can proactively prepare for potential new risks.
Data protection and freedom of information standards
Overview from the British Standards Institution with links to related information, news and publications.
US Department of Commerce Safe Harbor Portal
Comprehensive website supporting the Safe Harbor privacy framework in the US, including an overview, documentation, workbook, a certification form and a safe harbor search service (searchable by state or industry sector).