How do you manage and store your clients’ data? If you are handling data relating to any individual within the EU, you must be compliant with the General Data Protection Regulation (GDPR).
This European law, which came into effect in May 2018, places greater obligations on how organisations handle personal data. It applies to businesses of all sizes, including contractors and sole traders, and is about ensuring people can trust you to use their data fairly and responsibly. So if you hold information in relation to your clients, you need to comply. And if you’re found to be in breach of GDPR, you could face a hefty fine.
What counts as personal data in GDPR?
Personal data can be anything from a name and address to passport numbers and bank details – it’s anything that directly or indirectly identifies an individual. It’s up to you to make sure that you keep this information safe.
Heavy fines for serious breaches demonstrate just how important personal data is today. If you fail to comply with GDPR, you could face the following fines:
- Up to €10 million or 2% of your annual global turnover – whichever figure is higher – for failing to notify your supervisory authority or data subject about a breach
- Up to €20 million or 4% of your annual global turnover – again, whichever figure is higher – if you do not have consent from an individual to process their personal data.
How to make GDPR work for your business
While GDPR is in place to protect individuals’ personal information, it’s there to protect your business too. It can seem complicated, especially if you have never really had to consider how you handle data before. However, in many ways it simplifies all matters relating to data and privacy in the business world, as it covers everything.
GDPR encourages everybody to be more transparent about the way they procure, handle and store data, and ensures that information is only used for a specific purpose and is properly deleted when no longer required.
As a contractor, you may come into contact with all manner of confidential data. It’s in your interests to look after it properly. And if you do, not only will it likely help you to save time and money in the long run, it should boost your business’s reputation as your customers will have greater confidence in what you do.
How to avoid a GDPR claim
While data breaches do happen and GDPR claims are on the rise, there are steps you can take to properly protect personal data and avoid future issues. Here are some points to consider:
- Create a record, such as a spreadsheet, of the personal data you hold, what you do with it and your lawful basis for processing it,
- Have a privacy notice in place that includes information about your business and who is responsible for data protection; why you hold personal data and what you do with it; where you get data from; who you share it with; how long you keep the data for; how people can request their data; how they can complain and who to,
- Regularly check the information you hold and securely destroy anything that you don’t need (GDPR doesn’t give set time limits but says you should not keep information for longer than required),
- Ensure you are not keeping hold of unnecessary or excessive amounts of data,
- Make sure the information you hold is always accurate and up to date,
- Review your current security arrangements in your office or home working environment and be vigilant, such as by not sharing computer passwords, shredding confidential paper waste, encrypting mobile devices and being aware of your surroundings when working outside the office, and
- Understand how to deal with information requests and deal with them promptly (GDPR states that you should respond within one month).
You may also want to consider taking out Professional Indemnity (PI) insurance if you don’t have it already. While PI insurance does not cover how a business protects its data, it does cover you in the event of a data breach, for example, if a client sues you for misplacing their data. Read this article for more information about how PI insurance protects your business.