GDPR: what’s all the fuss?
When it comes to the General Data Protection Regulation (GDPR) one thing is sure: you cannot simply bury your head in the sand and hope it will go away.
GDPR will apply from 25 May 2018 and each and every UK business will need to review how they collect, store and use individuals’ personal data.
Many of the GDPR’s main principles are the same as the existing Data Protection Act (DPA), so if you are compliant with the DPA then you are at a great starting point.
However, how many funeral directors are compliant? Michael Hart-Abbott from A Abbott & Sons Ltd explains to SAIFInsight how GDPR will impact funeral directors:
“One of the earliest considerations any company needs to do is to think about how they will approach the new regulations, perhaps try to calculate how long implementation might take and establish who will take responsibility within the business.
“This in any small business is perhaps the hardest thing to do; no one wants extra work, especially at this busy time of year. But once you have agreed your plan to tackle the regulations, things will become a little clearer and maybe not as difficult as first imagined.
“There is plenty of help available to SAIF members. Golden Charter and SAIF recently held a joint GDPR training webinar with Alison Wilson, Director of Compliance and Risk, and Louise Love, Head of Compliance – Funeral Director Sales, on how Golden Charter is making arrangements to keep them and you, the funeral director, going in the right direction.
“This training session is available at www.saif.org.uk and Golden Charter also produced a poster for funeral directors’ awareness. This will be available from your local Golden Charter representative.
“The Information Commissioner’s Office (ICO) has produced a 12-step plan to help us become acquainted and fully compliant with the GDPR. This plan is available from ico.org.uk and also from your local Golden Charter representative who will be able to email you a copy.
“I have spoken with the ICO’s small business helpline (0303 123 1113, option 4) on a few occasions and found them to be very helpful and able to direct me with my specific data matters.”
So what does GDPR actually mean?
“GDPR will increase privacy for living individuals and give regulatory authorities greater powers to take action against any business that breaches the new laws. You will need to look around your business and determine how secure the data you hold is. Families will have greater rights over their data. These rights include the right to be informed, the right of access and the right to be forgotten.
“You will need new consent statements from families to declare their instructions regarding their retained data. This consent must be freely given, specific and an unambiguous indication of the individual’s wishes. As a business you are directly accountable for the security of personal data and the ICO can issue fines of up to 4% of a company’s annual turnover.
“You may be like me, struggling to take immediate action, but I have allocated time to get to grips with the GDPR’s requirements, establish our new policies, record how and why we hold and store the different types of personal data and implement the necessary training to all members of staff.”
Tags: data, EU, GDPR, information, law, personal, protection, regulation, rules