0131 603 5040 | info@thebusinesspartnership.co.uk

MELCC

Untitled Document
Chamber News page banner image

News & Blog

News stories from the Chamber and related news are listed in the table below

Year two of the GDPR marks the end of basic compliance

24th June 2019

Nimarta Cheema, Corporate lawyer with Lindsays, warns Scottish SMEs that lack of knowledge of GDPR could pose risks now that more stringent enforcement by the ICO is starting. 

Following the first anniversary of the General Date Protection Regulations coming into force, the Information Commissioner’s Office (ICO) will be implementing more stringent enforcement and there are several examples of common breaches of the GDPR which could lead to significant fines if left unchecked. They include: 

Being unable to recognise a Subject Access Request (SAR) and treating it as an inappropriate request for information, or mishandling the SAR and failing to respond within the legally stipulated time;

Not taking seriously the obligation to register with the ICO, or mistakenly expecting to fall within an exemption or to ‘get out of’ a fine due to lack of awareness;

Using data gathered for one legitimate purpose for a different purpose, without checking or understanding whether an appropriate legal basis exists for that use;

Not knowing they have to document their processing activities and map out how they deal with data; and

Engaging data processors or sharing data without appropriate written contracts.

Nimarta commented, adding:“It is completely understandable that SMEs, which will often not have data protection specialists on the staff, either don’t understand or would rather not deal with GDPR issues.

 However, this is not going to end well. The GDPR is here, and the light-touch phase where the ICO will allow some leeway is now over. Scottish businesses must meet this issue head on to save themselves time, hassle and, most pertinently, money. 

Much of this comes down to staff training, with either no training having been performed or a single member of staff receiving data protection training but failing to trickle it down internally. 

“It’s time to take the GDPR seriously. Scottish SMEs need to take pre-emptive action; they don’t know what might hit them. 

If you would benefit from further information or advice on any queries regarding your business’s compliance with the GDPR legislation, it’s worth contacting a specialist at the earliest opportunity.

Go to top of page