The General Data Protection Regulation (GDPR) comes into force on the 25 May 2018. It’s a single set of rules that is designed to protect the privacy of individuals in their private, professional or public life.

The regulation will change the way personal data can be collected, used and transferred. Businesses will need to know where data is stored and may even need to change the way data is collected and how they respond to requests about personal data that they hold.

There are significant sanctions, penalties, and judicial remedy for non-compliance with this legislation.

The following points are some of the main steps that should be taken:

• Identify any areas where personal data is not adequately protected or managed
• Strengthen backup, disaster recovery and archiving processes as appropriate
• Issue new privacy and consent information where data is held if necessary
• Ensure everyone in the business knows their responsibilities to protect personal data
• Document and share the new procedures that are implemented

Further information on the GDPR can be found at https://ico.org.uk/

As with all of our tax tips and web pages this information is necessarily summarised and of a general nature.  If you would like detailed specific advice please contact us.