GDPR - An update, and some information on consent

By now you should all be aware of the new data protection rules coming into force in May. The General Data Protection Regulation (GDPR) will replace the Data Protection Act from 25 May 2018. Failure to comply with the regulation can result in heavy fines of up to €20 million or 4% of the businesses’ annual turnover (whichever is the higher amount), which is why it is so important for all businesses to be making plans to ensure they are compliant.

We have already written about some of the work going on here at Lovewell Blake to ensure we meet our obligations, hopefully, as business owners you will also have your own plans in place as well.

Our committee continues to meet regularly to discuss every area of the legislation and what changes, if any, that we may need to implement. One of the areas of the regulation that gets a lot of discussion, both here and elsewhere, is the area of collecting consent. There are six available lawful bases for processing personal data, and consent is just one of them.

What this means is that organisations may need to ask for explicit permission to use your personal data in a certain way. It is vital that the consent is freely given, positive and explicit. It also needs to be easy for consent to be withdrawn at any time.

We have already started to request consent from some people to be able to continue to send our newsletters out to them. You can fill in our contact preferences form here if you would like to receive our regular newsletters.

We hope that you find this interesting and helpful. If you have any questions, please contact us and if we are able to provide an answer we will.

Lovewell Blake