General Data Protection Regulation

From 25 May 2018, any business that stores the personal data of staff, customers, suppliers and other business contacts will need to comply with the General Data Protection Regulation (GDPR).

GDPR affects everyone, businesses and individuals alike, so knowing as much as you can about this new EU regulation now and preparing for its impact now will help you be compliant and avoid a huge potential fine in the future.

GDPR exists to give people better control over what businesses and  organisations can do with their data. It also makes data protection laws identical across all EU countries, making things clearer and simpler for everyone, seeks to systemise and unify data privacy laws across all EU member countries.

Currently, in the UK, the handling of data is governed by the 1998 Data Protection Act. GDPR will supersede the Data Protection Act, introducing new rules and penalties for those who fail to adhere to them, but more on that later.

Right now. GDPR first came into force on 24th May 2016, though at present GDPR is a regulation and not a directive, meaning companies have until 25th May 2018 until the regulation becomes law and will apply to them. Having said that, it’s essential to start preparing for its arrival now while you still have some room.

GDPR applies to “controllers” and “processors” of data, which covers just about every organisation out there as most organisations handle people’s personal data at some point, whether it’s the data of customers, suppliers, the public or staff.

The most important question of all - it’s all well and good knowing what GDPR is and why it’s here, but how are we supposed to comply with it?

We highly recommend following the 12 steps set out by the Information Commissioner’s Office (ICO). https://ico.org.uk/media/1624219/preparing-for-the...

One key point to make note of in terms of collecting people’s data is that you must always ask for their explicit and informed consent to give it and do so in a very timely, clear and obvious way so that they fully understand what you are collecting,
why and what you intend to do with it thereafter.

You can no longer rely on automatic, assumed or inferred consent e.g. where a box on a website form is already ticked for instance. Instead, the person has to tick the box to agree to your Terms and Conditions for instance.

The consequences of not complying are severe. Failure to adhere to the rules could result in a penalty of up to €20 million (around £17.8m) or 4% of your global annual turnover, whichever is greater.

Remember: whether the UK remains or leaves the EU, if you handle data originating from an EU country or citizen, you will need to comply with GDPR.

Dates to Remember:

1 February 2018- Due date for Corporation tax for companies with an accounting period ended 30 April 2017.

7 February 2018- Due date for filing and payment of VAT for the period ended 31 December 2017, unless you submit a paper return then the date is 31 January 2018.

28 February 2018- Ensure any tax that was due by 31 January 2018 is paid or you will incur a 5% surcharge plus interest on any amounts unpaid after 28 February 2018.

Monthly Dates:

19th of the Month: Due date for postal payments of PAYE, NIC and CIS deductions and on-line filing deadline for CIS300 monthly return to HMRC.

22nd of the Month: Due date for electronic payments of PAYE, NIC and CIS deductions to HMRC.