There is a big change coming in the way that data protection is dealt with across the EU. General Data Protection Regulation (GDPR) comes into operation on 25 May, 2018, and it’s important that all businesses and organisations are prepared for it.
This applies to any business or organisation that is involved with the processing of the personal data of people who live in EU states, no matter where the business or organisation itself is located.
How does this affect insolvency practitioners?
You may be able to see how this affects businesses and organisations, but still be wondering why insolvency practitioners need to be concerned. The fact is that once an insolvency practitioner becomes responsible for the estate of an insolvent business or organisation they become responsible for ensuring that the processing of any personal data that relates to people living within the EU, meets with GDPR requirements. It’s important to remember that processing means any actions taken, including the storing of data.
The insolvency practitioner does not have to register as a data controller, but they do have the same responsibilities, while they are in control of the estate. And, they also face the same consequences should GDPR not be complied with; the potential imposition of substantial fines.
Why Record Keeping is Important
As with any business or organisation, it’s important that insolvency practitioners keep accurate and comprehensive records of their processes and procedures, when it comes to the handling of personal data. This is because being compliant does not just involve ensuring that the stipulations of GDPR are adhered to, it also involves being able to prove that this is the case, by providing documentation.
One more thing that insolvency practitioners need to think about, in order to comply with GDPR, is how they deal with the sale of assets, which may include personal data. In these circumstances it will often be necessary to complete Data Protection Impact Assessments, in order to identify the risks involved.