UK Contractors Urged to Check Client GDPR Compliance

GDPR — the General Data Protection Regulation — came into force on 25th May 2018. Replacing the old and outdated Data Protection Act 1998, the new regulation is designed to give more control to the public over how, why, and when their personal information is used by businesses. We’re now almost 4 months into life under GDPR, and yet the subject of data protection is one that is still very much a hot topic.

GDPR Compliance

The reason we’re all still talking about GDPR is simple: compliance remains remarkably low amongst UK businesses. In fact, statistics from August 2018 suggest that more than one third of companies still aren’t compliant with the new legislation. It’s estimated that 35% are still sending unsolicited emails; 31% are storing data without explicit permission; 27% aren’t securing the data they hold; 22% haven’t implemented simple opt-out processes, and 14% are still making it difficult to access privacy choices.

As a tech contractor, figures like these are somewhat worrying. After all, while your own processes may be compliant, it is vital for your clients to be compliant, too. This is something that will be of particular interest to tech contractors who act in some form of data processing role for their clients. Say you’re working as a business analyst, holding identifiable details not only for the employees of the business, but for shareholders, too. There need to be solid, compliant plans in place for the protection of this data.

Checking Client Compliance

Organisations such as BT and Gloucestershire Police have been fined by the Information Commissioner’s Office (ICO) for lack of compliance: BT were fined £77,000 for sending unsolicited emails, while Gloucestershire Police were fined for revealing victim details in an email. With that in mind, it is well worth spending a little time ensuring that you’re working for compliant companies.

The first step towards checking client compliance is simply to take a quick look at the company website. Is there a privacy policy that is easy to locate and navigate? Are there opt-in boxes, rather than the no-longer-compliant opt-out boxes? If not, then you may wish to ask for copies of the client’s privacy policies, and request evidence that any of the personal data that you will be handling and processing yourself has been obtained through collection methods that are in line with new GDPR policies.

From a tech contractor perspective especially, it’s also worth making sure that the data that you’re working with is protected to a level that the ICO would be happy with. Is the data adequately encrypted? Can data be accessed as needed? Is the existing level of protection evaluated and reviewed regularly?

Contractor Obligation

Of course, ultimately it is the data controller — the company — that is liable for its own GDPR compliance. However, tech contractors acting as data processors will often have direct responsibilities, too. Amongst these responsibilities is the need to ‘assist the data controller in meeting its GDPR obligations’. Therefore, to ensure complete compliance with this new (and still somewhat confusing) data protection regulation, it is essential for tech contractors to work to ensure their clients have everything in place.
