What do freelancers need to do in order to be GDPR-compliant?

The new General Data Protection Regulation (GDPR) will be in full force before the end of the month, bringing with it a number of important changes to individuals’ rights and the ways in which companies can collect, handle and store their data. But how will the new legislation affect contractors?

A recent report on contractor resource Freelance UK’s website recently set out to answer this very question, as many contactors and freelancers appear to be confused as to whether they will need to register under the GDPR.

In short, the answer is ‘yes’, as the GDPR is aimed at all organisations and individuals who hold or use personal data for business purposes, data protection solicitor Olivia Whitcroft pointed out in the article.

Naturally, this means that contractors have quite a lot to get the grips with ahead of the GDPR’s formal introduction on 25 May 2018 – which is, quite literally, just around the corner.

In order to be compliant with the new rules, contractors and freelancers need to start thinking very carefully about:

  • Whether they are using personal data ‘fairly’.
  • Keeping data up-to-date and secure.
  • Identifying the purposes for which they hold other people’s personal data.
  • Informing individuals that they hold their data.
  • Not holding any more data than is necessary.
  • Deleting data once the purposes it was initially collected for have been fulfilled.

Ms Whitcroft, who acts as a data protection and technology solicitor for law firm OBEP, said that contractors’ “GDPR obligations and associated compliance risks may not be as extensive as some other organisations, who may, for example, hold larger [or more sensitive] types of data.”

However, she said that contractors should not take this to mean that the GDPR will not require them to shake-up their existing processes in terms of data protection.

“You will still need to identify your uses of personal data, and apply GDPR requirements to [any business-related] activities,” she said.

If you wish to find out more information about the GDPR and what the new legislation means for you, please refer to the Information Commissioner’s Office (ICO) website here: https://ico.org.uk/for-organisations.