The General Data Protection Regulation, better known as GDPR, is something of a headache for most businesses. The countdown to this year’s deadline has spawned a number of helpful guides and checklists, but many professionals are still confused about how the legislation affects them. For business owners and contractors, compliance is obviously key, but for contractors serving all industry sectors, how can data practices be updated, and how will the protection principles the regulation contains affect the relationship between contractor and client? Read on to discover how GDPR applies to independent contractors and the clients they work with.
Does it affect you?
The debate on whether a temporary employee is classed as a ‘data processor’ is still taking place, despite the looming deadline. Guidance has been vague regarding the definition of the data processors and controllers that the European law affects. Under GDPR, both processors and controllers handling the personal data of their company or customers must realign their responsibilities and liabilities to guarantee compliance and good practice. Controllers and processors come in all forms across organisations big and small, but GDPR affects all of them regardless of the size or structure of their business.
Organisations and individuals holding or utilising personal data for business purposes are all affected by GDPR. Whether you are an independent contractor or limited company contractor, under the new guidance you must ensure the practices you use to store and process the data of your clients and/or their customers are compliant. Under the requirements, all personal data should be utilised fairly, and the reasons for holding and using the data need to be clearly communicated to each and every individual. Data should also be deleted when no longer needed, and the systems used to store said data need to be up-to-date and secure.
How will things change with clients?
In addition to amending data protection practices to ensure you comply with the aforementioned requirements, the written contracts between you (the processor) and your client (the controller) will need to be refined. The Information Commissioner’s Office (ICO) offers some essential guidance on redefining the relationship and responsibilities between client and contractor:
“The GDPR makes written contracts between controllers and processors a general requirement, rather than just a way of demonstrating compliance with the seventh data protection principle (appropriate security measures) under the DPA. These contracts must now include certain specific terms, as a minimum. These terms are designed to ensure that processing carried out by a processor meets all the requirements of the GDPR (not just those related to keeping personal data secure).”
Without the right contract in place, contractors and their clients may find it difficult to understand their new GDPR-compliant responsibilities and liabilities and to work with them in mind. Both clients and contractors risk paying damages, fines and other penalties if they fail to use and hold data correctly.
The newly enforced GDPR affects contract businesses of all sizes and niches. Getting the support you need to understand how the regulations affect you, and avoiding those hefty fees, is therefore important. Contact our team today for expert guidance.