The General Data Protection Regulation (“GDPR”) came into force on 25 May 2018 and farming businesses need to act now in order to ensure compliance.
The GDPR, which is complex and lengthy, affects all EU established organisations (and many outside the EU too) that handle personal data, and can lead to significant fines for non-compliance.
A question that we are being asked is “how does this affect my farming business?”.
Some key issues to consider are:-
Employees
The GDPR requires organisations to provide individuals with certain information about how their personal data is used by the organisation. Potentially the most sensitive personal data your business processes is information about your employees (such as health records).
Privacy notices should be used to inform employees how you use their personal data and must contain specific information, such as how long you will keep their personal data and whether it will be shared with any third parties.
Privacy notices should be provided to your existing employees, new employees and also to prospective employees.
In addition to providing privacy notices, you should be reviewing your use of ‘consent’ in your employment documentation. The GDPR raises the threshold for obtaining valid consent, and many employers are moving away from consent, due to the imbalance of power in the employment relationship calling into question where its use is appropriate.
Customers and Marketing
You will be processing the personal data of your customers and you should ensure your T&Cs and customer-facing privacy notices are GDPR compliant. You must inform customers about how you use their personal data.
You should review your marketing practices and determine whether you require consent in order to lawfully market. If consent is required, has the threshold been met and can it be evidenced?
Website
You must inform website visitors about what personal data you collect through your website and how your organisation uses it. You may collect personal data through your website if it has an enquiry form, if you are selling products or services through your website or if you set cookies. You should review your existing website privacy policy and cookie policy to ensure these are compliant with GDPR. Depending on how you use your website you may also require website terms of use or website T&Cs if you are selling products or services through your website, these may require updating in order to be GDPR compliant.
CCTV
If you have a CCTV system this will be processing the personal data of the people you record and you should have appropriate signage and procedures in place.
Next Steps
As a farming business you need to demonstrate compliance with the GDPR and now is a good time to have a spring clean of your paper work and the personal data your business holds. Wilkin Chapman can offer help and support to ensure that your business is compliant. Whether you require one of our fixed-fee packages or bespoke advice, we have a solution to suit all businesses.
Please contact one of our experts, Sarah Parker on 01482 398398 today.
