GDPR for Contractors
Contact Qdos Contractor: 0116 269 0999
 
 

Guidance for Contractors

 

General Data Protection Regulation (GDPR)

The GDPR, or the General Data Protection Regulation, is the EU’s effort to update and upgrade data protection laws across the whole of the EU, bringing them in line with how data is actually being used across the digital world by huge firms such as Facebook and Google. Given that the UK currently remains part of the EU, we will automatically be bound by the GDPR, which will replace the Data Protection Act 1998 (the DPA 1998), itself brought into effect in the UK to implement the 1995 EU Data Protection Directive. The GDPR is due to come into effect from 25 May 2018.

The new regulations essentially try to give individuals more control over how companies use their data. Some of the key changes we are going to see include larger penalties for non-compliance, and increased responsibility and liability being placed on data controllers and data processors.

Who does the GDPR apply to?

 

Both data controllers and data processors will need to comply with the GDPR. A controller is essentially the party who determines the purpose for which, and the manner in which, personal data is to be collected and processed. The data processor is the party that processes the data on behalf of the data controller.

It is the data controller who has the obligation to ensure that their data processor complies with the GDPR. However, the data processor must also ensure that they comply themselves and maintain records of their activities, given that if processors find themselves involved in a breach, they will be much more accountable under the GDPR than previously under the DPA 1998.


 

Will the GDPR affect contractors?

 

Due to the nature of the work, it is highly likely that services provided by contractors will involve the processing of personal data. This means that you will need to consider the GDPR going forward and ensure that data is processed in a way which is GDPR compliant, maintaining security and confidentiality and avoiding any unlawful processing.

Under the GDPR:

“Personal data” includes “any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

“Processing” means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”.



 

Next steps

 

The GDPR states that as a processor you must provide your client with "sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject".

Therefore, in order to become properly prepared for the implementation of the GDPR in practice, you should consider the following:

  • Reviewing your existing contracts with clients and amending the same (or having a separate document drawn up) to set out the responsibilities of each party relating to GDPR.

  • Keeping records of all processing activities carried out on behalf of a controller, including the client’s instructions on the processing, to demonstrate you are acting on documented instructions from the controller.

  • Asking your clients for written authorisation if you are to engage another processor (for example if you provide a substitute).

  • Ensuring all individuals processing your client’s data are subject to confidentiality obligations.

  • Ensuring you have the correct procedures in place to detect, report and investigate a personal data breach. Personal data breaches may result in individuals losing control over their data; to avoid this, the GDPR makes controllers and processors accountable for monitoring and reporting on the same.

  • Putting in place procedures to ensure that at the end of your services, and in line with the client’s instructions, you delete all data (including copies) or return it all to the client.

  • Familiarising yourself with the ICO’s code of practice on Privacy Impact Assessments (PIA). A PIA is intended to show that the client has looked at all of the issues surrounding privacy rights, and it demonstrates the steps that may have been taken to safeguard these. Although these are the controller’s responsibility, you are obliged to assist the client with the same.

In addition to considering the above we advise that you review the relevant guidance issued by the ICO, and seek legal advice relating to compliance procedures and documentation. Not only will you need to ensure that your internal procedures are GDPR compliant, but a legal specialist would also be able to review and advise in relation to your data protection rights and obligations contained in any written agreements you may have with clients. 


 

The Company

 

About Us

Why Qdos?

 

Qdos Contractor is one of the leading providers of specialist contractor insurance services in the UK. Our online application process takes only a matter of minutes, with all documentation issued instantly. Unlike many other brokers, we don’t hide our premiums until you've provided your details, as we are confident that our premiums, service and product are the best in the market. In addition, Qdos Contractor is one of the leading authorities on the IR35 legislation and has handled well over 1,500 IR35 enquiries on behalf of UK contractors.

 

Our History

 

Qdos began in 1988 as a tax consultancy business and has grown significantly over the past two decades, providing expert business services, products and advice. Over the years, Qdos has grown in both size and reputation as a trusted contractor insurance broker as well as an expert tax advisor. Our aim is to provide UK contractors with the assistance and service they need with IR35 issues, as well as sustaining excellent quality and competitive premiums in the contractor insurance market.
