Everyone is talking about GDPR!


Your Tax Shop, Tameside, is just one of the many businesses in the UK that have been doing their research on the EU’s General Data Protection Regulation (GDPR), which is replacing the Data Protection Act 1998, and will apply to all organisations in the UK and other EU members from 25 May 2018. It really doesn’t matter how big or small you are, the new regulations will affect ALL businesses that control or process data, and you need to be prepared. In case you haven’t been doing your research, here is some more info on the GDPR, and what it means for you…

Why was the GDPR created?


Since 1998 we’ve all been relying on the same Data Protection Act (DPA). But how much has changed in technology since then? To give you an idea, Facebook, Twitter, Snapchat, and WhatsApp were all created years after the DPA was put into place. Imagine how much of your personal data alone is accessible through just those 4 networks, bearing in mind that many companies like Facebook and Google swap access to people’s data for use of their services.

The DPA was enacted way before the internet and cloud-based technology had created these innovative ways of exploiting and accessing people’s data, and GDPR recognises that this is happening. Its focus is to give people more control over how their personal data is used and accessed, hoping to improve trust in the growing digital economy.

GDPR’s other main aim is to give businesses a simpler, clearer legal setting in which to operate, making data protection law the same throughout the single market.

When will the GDPR apply?


The GDPR came into force on 24 May 2016; however, all businesses and organisations in EU member states were given until 25 May 2018 for the legislation to apply. This was to give everybody time to get prepared and ready for the new rules.

You might be thinking, but what about Brexit… Yes, the UK is leaving the EU, but that is a long way off yet. The UK haven’t even published Article 50, and it would probably take another 2 years for us to officially leave the EU after this was published. The GDPR also applies to any business handling data of individuals from the EU. So even if your company is based in China or America, if you handle any EU data, the same rules still apply from May 2018!

How do we prepare for the GDPR?


Every business will have to…

  • Put time aside –

Every business is going to need time to do its research, and ensure that everything is in place.

  • Assign a Data Protection Officer (DPO) –

Somebody will need to do their research and be able to pass on information to other staff. This needs to be someone in the business with the power to make and instigate change, preferably a partner or director, or somebody in a senior role who has a vast knowledge of the business and systems in place.

  • Keep up to date with your professional body and their guidelines –

Like we follow AAT, have you been in touch with your professional body? Do they give guidance on the GDPR? These are all things you need to be thinking about!

How do we implement change for the GDPR?

Every business is different, but broadly speaking we all need to do the following…

  • Privacy Impact Assessments (PIA) –

Every business needs to understand what data it has, where the data is, who has access to it, and what it’s used for. PIAs will need to be done to review all data locations and why the data is handled, and to assess whether the data is being handled correctly and legally. This includes any work you have with third parties – you will have to assess whether their data handling is also in line with new legislation.

  • Privacy Policy –

Does your business have a Privacy Policy? If it doesn’t, you MUST have one in place. There is further info on the ICO website with regards to creating one for your business.

  • Security Controls –

Do you have password policies? Is data encrypted? Do you have IT providers? If yes, do they share your data? You need to ensure any data you do handle is safe, and protected from being shared and passed on unlawfully.

  • Staff Training –

It is imperative that your staff are aware of the GDPR, and what it means for them. They will have to be trained on cyber security and data handling, so they know exactly how data should be handled and used.

  • Reports on where ALL personal data is held –

As a data controller or processor, you must know where all your clients’ or customers’ personal data is held, and have concise reports detailing the exact locations of where this personal data is.

  • Consent –

GDPR sets a much higher standard for consent, so it will be important to assess how you currently obtain consent from customers/clients, and update procedures to make them more dynamic and compliant. It is also important that it is as easy for people to ‘opt out’ of consent as it is for them to opt in. This means that if an individual wishes for you to do so, you must be able to delete all data relating to them within a period of 28 days… As an Accountant, it is however a legal requirement to store up to 7 years of individual tax returns, so in certain situations it may be impossible to delete ALL personal data stored on an individual.

These are just some of the things you need to think about for the GDPR coming into place in May 2018. Your Tax Shop is getting ready, but how ready are you? Contact us on 01457837744 or 01613395689 for more info.
