Nannytax's Top 5 GDPR FAQ’s
It’s here! From 25 May 2018 the infamous General Data Protection Regulation (GDPR) means that any individuals or organisations handling personal data must ensure they are taking significant steps to be compliant with the new legislation.
This includes nanny agencies and nanny employers, so we’ve pulled together the Top 5 GDPR questions we get at Nannytax and have the answers right here.
But before we dive in to the Top 5 FAQs, here are the GDPR happenings at Nannytax . . .
What Nannytax is doing about GDPR:
- Nannytax HR team are on hand to help clients through GDPR in their own nanny employment situation
- Nannytax HR’s ‘Nanny Employment Handbook’ will contain a newly updated Data Protection policy for clients to use for their nanny
- Nannytax is providing a new Service Level Agreement to our partner agencies which will include a new updated section on complying with GDPR
So, let’s get to it, with your Top 5 GDPR FAQs . . .
1.What is GDPR?
The General Data Protection Regulation (GDPR) is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places more responsibility on how organisations handle personal data. The 6 key principles of the GDPR law briefly explain the rules around processing personal data. The phrase ‘processing’ refers to collecting, storing, altering, managing or using any personal data of an EU citizen.
2.What is Personal Data?
Personal data includes any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, an email address, bank details, medical information, locational information, or a computer IP address. GDPR applies to automatic and manual systems where personal data is collected and is accessible.
3. What are the Key Principles?
- You have to processes all data lawfully, fairly, and clearly.
- You have to let people know specifically and explicitly why you are processing their data before you begin processing it. You can’t process someone’s data for another other reason than its original purpose unless that person has previously agreed to it.
- Only process what you need to – all data processed must be relevant and limited to what is necessary for its purpose. If it’s not needed, don’t process it.
- Keep data as accurate as possible – If you are asked to make changes, do it is quickly as possible.
- You can only keep personal data for as long as required. You’ll need to tell the person how long you are intending to keep their data and why. If you don’t need to data anymore – destroy it securely.
- Keep the data safe and secure – If it’s processed securely, it will protect the person from any unauthorised or unlawful processing and prevent any accidental loss, destruction, or damage to a person’s data.
4. Who are the experts?
Whilst we offer help for all our clients on GDPR and how they can implement it in their employment with their nanny, for other organisations we recommend speaking to the ICO.
The ICO (Information Commissioner’s Office) are the UK’s independent authority set up to uphold the information rights of the public. They offer advise on all things GDPR and have useful tools to help a business ensure their compliance. Visit the Information Commissioners Office (ICO) website to access guidance for small businesses on how to comply with GDPR, including free tools and resources.
5. What helpful tools can I use?
Please visit these helpful guidance pages and tools from the ICO website:
- Take the ‘Data Protection Self-Assessment’ designed to:
- help small organisations assess their compliance with data protection law
- find out what you need to do to be compliant with GDPR
- Follow the’12 steps to take now’ guide produced for small organisations to help prepare
- Check the ICO’s GDPR FAQs for small organisations which covers a range of common queries related to small organisations
- You can call their dedicated GDPR helpline aimed at people running small businesses on 0303 123 1113 (select option 4 to be diverted to staff who can offer support)
- Watch Information Commissioner, Elizabeth Denham, explain GDPR in this short video or read her blog
Please don't panic
It’s important not to panic. While we must all ensure that we are making efforts to be GDPR compliant, the Information Commissions Office (ICO) advise GDPR is an ‘evolution of the existing law’ . . . if you are already compliant with the existing Data Protection Act 1998, then you are well on your way to being ready.