GDPR: Protecting your personal information

Fact: Firms are now holding more and more personal information.

Fact: Not looking after that personal information is a real risk.

Fact: If your firm gets it wrong, it will impact on your reputation.

It is vitally important to CILEx Regulation that all of its regulated firms, and in fact any business run by a CILEx member, look after personal information. Currently, all CILEx Regulation regulated firms are required to make it clear that they comply with the current Data Protection Act (DPA) and are registered with the Information Commissioner’s Office (ICO).

However, these rules are changing on 25 May 2018 with the introduction of the General Data Protection Regulation (GDPR). As GDPR will not be affected by the UK’s decision to leave the European Union, all firms need to have started planning now to make sure they can comply.

If a firm’s “personal data” is currently subject to the DPA, it is likely it will be subject to the GDPR.

Firms need to:

• understand the impact of the changes;
• document the data they hold;
• respect the rights of individuals;
• cope with subject-access requests;
• know the lawful basis for processing personal data;
• understand consent;
• identify if a Data Protection Officer is required.

The ICO is providing a lot of very useful information and guidance on the implementation of GDPR. Particularly helpful is their blog where they have been addressing some of the popular myths about GDPR.

We suggest…

Consumers – check that their firm has referred to how they look after your information in their client care letters. You could also check that the firm is registered with the ICO.

Firms – the ICO is committed to assisting businesses and public bodies to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond, so use the information found on their website.