In short - yes! GDPR will affect any business, including interior designers or industry partners, that collects, processes or stores data. This can be a list of customers' names and addresses in a physical address book or a list of 4,000 cloud-based data
At the BIID, we are currently in the full throes of preparation for the new data protection regulation. GDPR is coming into effect on 25th May 2018, replacing the 1998 Data Protection Act. We are very aware of the challenge many of our members face getting ready for this significant change in law and as such have prepared a brief overview explaining the change and some suggested resources.
What will GDPR affect?
individuals’ personal data including, but not limited to, name, address, telephone and email. The processing of data in emails, briefs, recommendations and other activity is covered by GDPR and all regulations apply.
The principles of GDPR
The key principles of GDPR give an insight into the premise of the regulation and reflect the depth of information covered and the rights afforded to individuals moving forward.
All personal data must be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
What should you do?
Take the time to learn about GDPR. Compliance sounds daunting, but by getting informed you are best placed to deal with it. As you would expect from a professional body for interior designers, at the BIID we have immersed ourselves in all things GDPR and we would like to remind our members to pay extra attention to a couple of things.
1. Individual Rights
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to
- The right to data
- The right to object
- Rights in relation to automated decision making and profiling.
- Consent must be freely given; this means giving people genuine ongoing choice and control over how you use their data
- Consent should be obvious and require a positive action to opt in
- Consent requests must be prominent, unbundled from other terms and conditions, concise and easy to understand, and user-friendly
- Consent must specifically cover the controller’s name, the purposes of the processing and the types of processing activity
- Explicit consent must be expressly confirmed in words, rather than by any other positive action
- There is no set time limit for consent. How long it lasts will depend on the context. You should review and refresh consent as appropriate.
Everything else you need to know can be found at:
The Information Commissioner's Office has also produced a number of excellent articles and resources that are specifically created for small organisations. We highly recommend the ‘12 steps to do now’ and the myth-busting blogs as a great practical resource to set you on the right path.
that can provide support and advice can be found at the DP Network:
Disclaimer: The BIID is not a law firm and is not providing legal advice. It is the responsibility of our members to read the guidelines as set by the ICO and interpret and apply them as they deem appropriate. The BIID accepts no responsibility for policies implemented by its members.