Not necessarily, but you must ensure that your organisation has sufficient staff and skills to discharge your obligations under the GDPR, so you can appoint a data protection officer (DPO) if that helps you meet this criterion.
The GDPR says that they should have professional experience and knowledge of data protection law. This should be proportionate to the type of processing your organisation carries out, taking into consideration the level of protection the personal data requires.
Public authorities (except for courts acting in their judicial capacity) are required to appoint a data protection officer (DPO), as is any organisation carrying out large scale systematic monitoring of individuals (for example, online behaviour tracking) or large scale processing of special categories of data or data relating to criminal convictions and offences.
The DPO’s minimum tasks are defined in Article 39:
- To inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws.
- To monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advising on data protection impact assessments, training staff and conducting internal audits.
- To be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc).
You must ensure that:
- The DPO reports to the highest management level of your organisation – i.e. board level.
- The DPO operates independently and is not dismissed or penalised for performing their task.
- Adequate resources are provided to enable DPOs to meet their GDPR obligations.
The role of DPO can be allocated to an existing employee, as long as the professional duties of the employee are compatible with the duties of the DPO and do not lead to a conflict of interests. You can also contract out the role of DPO externally.
It is important to remember that we are only talking about third party personal data under the data protection rules.
If you are holding this as part of your responsibilities then you will need to comply with the Data Protection Act until May 2018 and the GDPR thereafter.
You need to think carefully about the storage and disposal of personal data.
How can Crimson Crab help…
The General Data Protection Regulations (GDPR) came into force in May 2016.
There is a two-year lead-in period to enable businesses to become familiar with the new regime and so the critical date is:
25th May 2018
The law applies to anyone who processes personal data (which includes storage and disposal) in whatever capacity.
The government intends to implement the Great Repeal Bill to ensure there is continuance of laws. All the information you need to know is given in this article by the BBC.
From a compliance perspective your clients are entitled to know the details of the legal entity that they are dealing with, especially if a business or trading name is being used. If the legal trading entity is a registered body there are some very specific disclosure requirements.
The information must appear in business letters and electronic equivalents, including emails. To give you peace of mind we can check out your letterheads for compliance. Read more…
Yes, it’s really important to get your house in order, ready for the new legislation.
You will need to get to grips with the new rights of individuals, handling subject access requests, consent, data breaches, and maybe even designating a data protection officer.
There is a responsibility to demonstrate compliance and so documenting what personal data you hold, where it came from and who you share it with is an absolute must.
The important thing is to make sure that someone in your organisation takes proper responsibility for data protection compliance in good time and has the knowledge, support and authority to do so effectively.
How can Crimson Crab help? Read more…
There are two main issues here:
- using terms and conditions that are not bespoke to your business; and
- using terms and conditions that are out of date.
Your business’ terms and conditions should:
- underpin the provision of good, consistent customer service;
- give clarity of expectations & payment terms;
- provide protection for all the parties involved;
- ensure you meet all the legal requirements for your particular business; and
- minimise legal disputes.
If the worst comes to the worst and you end up in dispute with a client or customer, written terms and conditions provide great evidence of what was agreed in the first place.
How can Crimson Crab help?
We can provide a free no obligation quote for a bespoke set of terms and conditions. Request a quote.
For a small fee we can review your current terms and conditions and give you a no obligation quote if they need amending. Order a review.
If you operate a consultancy we can supply a standard form agreement suitable for your business. Read more…
The General Data Protection Regulations (GDPR) will apply in the UK from 25th May 2018.
The government has confirmed that the UK’s decision to leave the EU will not affect their commencement.
They apply to ‘controllers’ and ‘processors’. The controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the Data Protection Act, it is likely that you will also be subject to the GDPR.
If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR.
However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
Copyright protects your work and stops others from using it without your permission.
There isn’t an “official” register of copyright works in the UK, unlike Trade Marks.
You get copyright protection automatically (you don’t have to apply or pay a fee) when you create:
- original literary, dramatic, musical and artistic work, including illustration and photography
- original non-literary written work, such as software, web content and databases
- sound and music recordings
- film and television recordings
- the layout of published editions of written, dramatic and musical works
There are other ways of protecting Intellectual Property. Read more…
Much of the UK’s current legislation is derived from the European Union. When the UK leaves the EU there needs to be a level of continuity. To provide this the Government intends to introduce the Great Repeal Bill which will do three things:
- Repeal the European Communities Act 1972. This legislation provides legal authority for EU law to have effect as national law in the UK. This will no longer be the case after Brexit.
- Bring all EU laws onto the UK statute books. This means that laws and regulations made over the past 40 years while the UK was a member of the EU will continue to apply after the Prime Minister triggered Article 50 on 29 March.
- Create powers to make secondary legislation. Technical problems will arise as EU laws are put on the statute book. For instance, many EU laws mention EU institutions in which the UK will no longer participate after Brexit, or mention “EU law” itself, which will not be part of the UK legal system after Brexit. There will not be time for Parliament to scrutinise every change, so the bill will give ministers some powers to make these changes by secondary legislation, which is subject to less scrutiny by MPs.