The new GDPR comes in to effect in May 2018. Its main provisions are to:

  1. impose new requirements to collect, store and process individuals’ personal information, with significant financial penalties for non-compliance.
  2. place an increased emphasis on accountability and transparency so you should ensure that you have up-to-date records relating to the personal data that they hold, including where the data came from and who it has been shared with.
  3. review any privacy notices you have in place.
  4. identify any ‘lawful basis’ for processing activity within the GDPR, record this and update your privacy notices accordingly. The GDPR will modify some individuals’ rights, depending on the lawful basis. If you use consent as your lawful basis for processing, clients will have a greater right to have their data deleted, if they so wish.
  5. ensure that adequate security systems are in place to protect data, and to detect, report and investigate any data breaches.

Please refer to the attached file for more information