GDPR - What is it?
The General Data Protection Regulation is a huge development in Data Protection Law. It will ultimately replace the existing Data Protection Act (1998), parts of which have now become outdated due to the vast developments in technology since its implementation twenty years ago. GDPR is designed to protect personal data and the privacy of citizens across Europe. The UK’s decision to leave the EU will not affect the Regulation, which will come into effect on the 25th of May 2018.
What is Brightling & Co doing to prepare for GDPR?
We are committed to achieving compliance with GDPR prior to the implementation deadline in May 2018. We are taking steps to make sure we will be ready for GDPR. We are already compliant with the Data Protection Act and our compliance with GDPR will build on this existing foundation.
Overview of the steps we are taking
- We are in the process of identifying what personal data we hold for our clients, why we hold it, where it is stored and for how long we keep it.
- Identifying all areas of the business that will be impacted by GDPR.
- We are regularly updating all members of the business on the upcoming regulations and the changes we are making, as well as the steps we will all need to take in order to be compliant.
- Developing a strategy and requirements for how to address the areas impacted by GDPR.
- Implementing the changes we have identified to our internal systems and procedures required to achieve & maintain compliance with GDPR.
- Testing all of the changes we have made to verify & validate our compliance with GDPR.
What changes will our clients see?
Outlined below are some of the changes that you will see as a client of Brightling & Co. We are aiming to make the transition from the Data Protection Act to GDPR as smooth as possible, and we will keep you informed at each stage that will directly affect you. As your personal data is at the very centre of the new regulations, we will need your input in order to implement a number of these new protections. Although it may seem trivial at times, we cannot stress enough the importance of these processes and procedures in the overall safety of your data.
- We are in the process of improving our client collaboration with IRIS Open Space, a simple, safe document exchange and approval platform. IRIS Open Space creates a safe (password-protected & industry-standard SSL-encrypted) environment in which you can exchange documents electronically with Brightling & Co. Quick and simple to use, it cuts out the time and costs involved in posting documents and eliminates the risks involved with sending confidential information by email. Open Space is compliant with the current UK Data Protection Regulation and the forthcoming GDPR. Unlike other cloud-based options such as Google Drive, Dropbox and OneDrive, IRIS Open Space is specifically designed for UK Accountants and their clients and complies fully with the rules on data protection. You will have the peace of mind of knowing that all communication between you and your accountant is secure. More information about IRIS Open Space will be sent to you soon.
- We are also reviewing and updating our engagement letters and terms and conditions to reflect the new regulations within GDPR, particularly Article 13, ‘Information to be provided where personal data are collected from the data subject’. To give you a brief insight, the article covers matters regarding how and why we are processing your data, the legal basis for the processing and the period your data will be stored, along with numerous other clauses. We will also be reviewing all of the other GDPR articles to identify which of these will need to be reflected in our renewed engagement letters.
- We will keep you informed of any changes we make that will affect you.
For more information and advice about what Brightling & Co can do to help in terms of GDPR for your own businesses, please contact us using the details below.