General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is the area of law that companies must comply with to protect the personal information of individuals.

GDPR impacts all companies. In the finishes and interiors sector you may do only limited business-to-consumer work, but consider, as an example, the amount of personal data you hold on just your employees and LOSCs!

GDPR came into force in May 2016 with a two-year transition period, becoming enforceable from 25 May 2018. The principles are very similar to the EU Data Protection Directive; however, the GDPR contains a number of changes, including:

  • Enhanced documentation to be kept by data controllers  
  • Enhanced privacy notices  
  • More prescriptive rules on what constitutes consent
  • Mandatory data breach notification requirements
  • Enhanced data subject rights
  • New obligations on the data processor
  • Expanded territorial scope
  • Appointment of Data Protection Officers
  • A significant increase in the size of fines and penalties  

As part of GDPR you must document your processing activities and maintain records on several things such as processing purposes, data sharing and retention.