GDPR stands for the General Data Protection Regulation, which comes into action next year on the 25th May 2018. Set to become one of the largest shake-ups in data protection for the past 20 years, this is something that will take place and affect businesses all across Europe. Despite the fact that the UK is set to leave the European Union, British businesses are still set to become affected by the GDPR. The government has confirmed that the Regulation will still apply, and the prospect that UK businesses will be held by the GDPR has been confirmed by the Information Commissioner.
Horticulture businesses of all sizes will be required to comply with this data protection regulation, even those who are under the impression that they do not hold any 3rd party data. Whether your Horticulture business is a large corporation or a small one-man band, these legal requirements are applicable.
GDPR legislation is set to bring developments that will see tougher penalties, however, a large amount of it will stay familiar and unchanged. As might be expected, data protection is an area that will continue to evolve in such a digital data-driven landscape, so is something that we should get used to keeping up with. Businesses are required by strict laws to stay informed and compliant with such legislation, and this includes small business.
Horticulture businesses of all scales will be required to demonstrate the steps they have taken to comply with the Regulation, which is not just a case of ticking boxes. Individuals will have rights to access their data, as well as to their guaranteed privacy. Individuals will be able to make requests for a document containing their information, therefore procedures should be in place for delivering such requests. In terms of Horticulture, these individuals could be staff, clients or associates.
This new Regulation will see many larger companies requiring a dedicated team, or at least a plan, as regards data protection so that upon request, they are able to cooperate and full-fill a request. Policies and procedures must be in place, both practically and technically. A DPO, Data Protection Officer, may be necessary for some large companies and operations.
If you work with any kind of data regarding EU residents, be it clients or staff, or business associates, you must ensure that your business is compliant by next year when the GDPR goes live. If your business is not in the EU, which Britain will very likely not be, you will still have to comply with the Regulation, but perhaps is a slightly different way. Some data will have the right to be forgotten, there will be restrictions of international data transfers, and in terms of data portability, restrictions will be held. As a UK horticulture business, it is your responsibility to stay informed and compliant.
Penalties for non-compliance are said to get a whole lot tougher, as this matter is taken increasingly more seriously. Fines imposed could be as much as 4% of annual global turnover or over 20 million Euro. A company finding themselves in such a situation could end up insolvent and out of business. Penalties for smaller businesses are just as serious, and so the GDPR is something that should be looked into and implemented as soon as possible.
HL Services provides grounds maintenance, Horticultural, and facilities staff to a wide variety of public and private sector clients across the UK, including housing associations, schools, councils, hospitals, facilities management, parks & open spaces, cemeteries, event companies, landscapers and construction companies.