The Nationwide Caterers Association
 

The General Data Protection Regulation

GDPR is coming. Are you ready?


As you will no doubt already be aware, the General Data Protection Regulation will come into force on May 25th 2018. The new rules will almost certainly affect you and the way you handle employees’, contractors’ and customers’ personal details. Essentially, the new regulation gives individuals more say over what you can do with their data and brings current rules in line with those in the rest of Europe.

On this page we'll tell you the most important things you need to know and take you through a handy checklist to help you comply.

What sort of data are we talking about here?

If your business retains personal data like names, addresses, phone numbers, HR records and customer lists you need to comply.

Any catering business owner should already be keeping staff records, which will need to be audited. If you have email subscriber lists for marketing purposes, you will need to include this data too. And if you’re a restaurant owner, you’re likely to have data from customers’ bookings on record, which will fall under GDPR too.

What do I need to know?

One of the most important requirements of the regulation is that data security breaches must be reported immediately to the Information Commissioner’s Office (ICO) – ideally within 24 hours. What’s more, individuals will have greater rights concerning the way businesses use their personal data (you can check those below).

The forthcoming regulation will set a stricter standard for the consent you need to gain to process personal data and will impose much higher fines for failure to comply (up to 4% of your business’s annual turnover or €20 million – whichever is higher).

Enhanced rights for individuals

Under the new regulations, all individuals whose data you hold will be entitled to the following enhanced rights:


• To access their information
• To have inaccuracies corrected
• To have information erased
• To prevent direct marketing
• To prevent automated decision making and profiling
• To data portability


With regard to the second point – to have inaccuracies corrected – this includes having errors corrected in the lists held by any other organisations with whom you have shared inaccurate information. Both you and the other organisation will need to correct inaccurate records. For this reason, it’s really important that you know who you share personal data with and document it.

The 10 step GDPR checklist for caterers

1. Make sure anyone in the business in a supervisory or decision-making role is aware of the changes and give one individual the responsibility of overseeing compliance.

2. Provide your staff with training on how to handle personal data at work.

3. Perform an audit of all personal information that you hold, the source of each item of data and the details of any external organisations with whom the personal data has been shared. Carry out an exhaustive search, checking mobile devices, the cloud and written records.

4. Review your privacy policies and identify any areas which will need to be updated to comply with the new regulations.

5. Review your current data protection policies and make sure that they comply with newly enhanced employee rights (remember, those new rights are outlined above).

6. Create a policy for data transfers and keep records of the details of any transfers, the reasons for them and how the data will be protected once it’s transferred from the employer.

7. Make sure you are able to provide a copy of an individual’s personal data should they make a reasonable request to see it.

8. Review the way your business processes personal data and identify and document the legal basis for processing.

9. Have a method statement for obtaining consent and a means of recording that consent has been given. If you currently hold any data that doesn’t meet the GDPR consent standard, refresh the consent and make a record.

10. Put procedures in place (and document them) that will detect, investigate and report on any breaches of personal data.

Need more help?

For more information about the GDPR and how to make sure you are complying, visit the ICO website. There’s a wealth of information there to help business owners comply by 25th May, including a thoroughly detailed PDF called ‘Preparing for the General Data Protection Regulation – 12 steps to take now’.
