Latest News

Would you like Right to Rent checks to be easier?

21 January 2019

The Home Office is developing a new online service to make completing right to rent checks quicker and easier, but they need your help to make the service work and bring it to life. Read More...

Rent Smart Wales enforcement intensifies

21 January 2019

It's now been well over two years since the introduction of Rent Smart Wales. Here we take a look at recent enforcement activity, with rent repayment orders becoming more common and enforcement teams showing renewed vigour to ensure that no stone is left unturned. Read More...

Get up to Speed on the GDPR

Wednesday 15 February 2017

New EU data protection laws will apply from 25 May 2018 which will have a dramatic impact on your business and the way you hold sensitive customer information.

The new GDPR regulations build on the UK Data Protection legislation and are designed to strengthen data protection for individuals within the European Union, and give those people the ‘right to be forgotten’.

In May 2018, the General Data Protection Regulation (GDPR) will become law, but it will take some months to get UK businesses ready for it. Most business bosses in the UK are unaware of this new regulation, don’t understand it, or don't appreciate the consequences of non-compliance. But that will be no excuse if you suffer a loss of data.

What you need to know

If your business loses data, has been negligent or suffered a service attack, malicious or internal hack that puts people’s rights at risk, it must notify a data protection authority (the Information Commissioner’s Office) and the people that are affected within 72 hours of becoming aware of it. Should this 72-hour deadline not be met, your business could be fined up to €10m, or 2% of global annual turnover, whichever is greater. A two-tiered sanction could lead to fines of up to €20m, or 4% of global annual turnover, whichever is greater, for breaches which have been deemed to be most important.

Despite Brexit, businesses that hold any piece of information about any EU citizen, or do business in the EU, will be impacted by GDPR. It is enforceable regulation that is applicable to every UK business regardless of size or market.

Whilst we can assume outsourced services such as hosting companies and 3rd party software providers will be doing all they can to comply, it is important to undertake due diligence to ensure that they are.

So what you need to do?

Make sure you are aware of the risks to your organisation and that your legal requirements are understood. You will need to identify where your data is stored (hosted servers, cloud solutions, paper records) and be aware of what type of data is being held.

Planning for data breaches by having a clear actionable process in which to identify who or what is accountable is advised. You may need to show that you have adequate cyber security in place and that compliance is monitored.

Review your policies, procedures and mechanisms for gathering, using, sharing and protecting personal data. By beginning to implement data protection policies and solutions now, your company will be in a much better position to achieve GDPR compliance when it takes effect. 

This is the biggest change to Data Protection in almost 20 years, since the introduction of the UK Data Protection Act. Whilst May 2018 may seem a long way off, when you consider the amount of preparation to be done, it is not.

The sooner you look at and address the issue, the more chance you have of avoiding the severe risks within your organisation.