GDPR is almost here

GDPR is (almost) here!

Last month we highlighted that GDPR is fast approaching! It’s now only weeks until the new regulation kicks in. Luckily Prompt Payer can help businesses needing support with GDPR.

Prompt Payer, the ethical debt recovery specialists, has teamed up with Benefits Direct to offer GDPR services for HETAS registrants.

From short online articles to 100-page ‘e-books’, information (and misinformation!) about GDPR is everywhere, but are you any wiser as to your own business’s exact needs and how you will need to change your practices in order to comply? Likely not. Listen, you don’t need to read another blog, guide or white paper to get a handle on what you need to do.

You might not even think that the GDPR affects you, but the fact is that the GDPR affects every single business that holds data on its customers, from sole traders through to huge corporations.

There are also many ‘solutions’ out there offering a one-size-fits-all approach to data compliance, like template websites that offer no access to data protection experts. Using these services without advice might leave your business vulnerable to a hefty fine from the ICO come 25 May 2018.

However, our solution is different and will help you address your GDPR needs hand in hand with an expert.

What’s on offer?

FREE consultation about your legal needs with an expert. We’ll run through your requirements then put you in touch with a qualified expert lawyer to discuss your needs as an organisation. Call our team today on 0207 1481599 (quote “HETAS” to obtain special rates) to discuss your needs.

  • FREE GDPR Checklist and Audit so you can explore your requirements.
  • FREE GDPR guidance notes written by data protection experts.

Call 0207 1481599 (quote “HETAS” to obtain special rates) or submit an enquiry here to speak to someone about your business and what you need.

Member-rate reduced price packages to help you on your way to compliance, whatever the size of your business:

GDPR Package One

✓  GDPR compliant legal document templates which are:

  • Terms and Conditions of Website Use
  • Data Protection Policy
  • Privacy Policy and Cookie Policy
  • IT Security Policy
  • Data Processing Agreement
  • Consent to Data Processing
  • Data Processing Clauses
  • Clauses for Staff Agreements
  • Data Retention Policy
  • Staff Consent Form
  • Privacy Notice to Staff
  • Memorandum to Board of Directors
  • Free Audit Questionnaire

✓  1 hour of legal advice with an expert GDPR lawyer

✓  GDPR Audit document

£295+VAT (30% off usual price for members, usually £385+VAT)

GDPR Package Two

  • GDPR compliant legal document templates
  • 3 hours of legal advice with an expert GDPR lawyer
  • GDPR Audit document
  • 1 hour bespoke GDPR Webinar training with expert lawyer


GDPR Package Three

  • GDPR audit is used by a GDPR lawyer to identify specific compliance work required; a plan of action is agreed and legal work completed.
  • Priced on application (POA).

Bespoke GDPR Webinar Training

  • We can also offer bespoke GDPR webinar training for you and your team to brief your organisation on your data protection needs.
  • Includes a Q&A session
  • Slides and notes forwarded to attendees after session


Don’t leave GDPR compliance until the last minute. Sort your needs out today and avoid unnecessary problems down the line. Remember, 25 May 2018 is the deadline. To start with a FREE consultation about your needs, simply click here.


GDPR is coming

Get ready for GDPR

The General Data Protection Regulation, or GDPR, replaces the current Data Protection Act (1998) and comes into force on 25th May 2018. Regulated by the ICO, the GDPR strengthens the rules around personal data and requires organisations to be more accountable and transparent. It also gives people greater control over their own personal data.

Designed to help safeguard data protection rights for individuals, the GDPR introduces a single set of rules across the EU when it comes to how organisations handle data relating to identifiable individuals. That means if your business holds personal information such as names, addresses, staff records, customer lists and even online identifiers (such as a computer’s IP address), you could be subject to certain requirements of the GDPR.

Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA). If you are complying properly with the current law, most of your approach to compliance will remain valid under the GDPR and can be the starting point to build on. However, there are new elements and significant enhancements, so you may have to make changes and do new things.

The GDPR toughens up the penalties that already exist under the DPA, which include:

  • Fines up to £500,000
  • Prosecutions, including prison sentences for deliberate breaches
  • Obligatory undertakings, where your company has to commit to specific action

When the GDPR begins in May, these penalties will get heavier:

  • Businesses in breach will see a dramatic increase in fines. Penalties can reach an upper limit of €20 million (or four per cent of annual global turnover if that is higher).

As well as regulatory fines for non-compliant businesses, bear in mind the possibility that individuals might also sue you if they suffer as a result of how you handle their data.

The GDPR’s implementation on 25th May happens before the date of the UK’s withdrawal from the EU, so all businesses will definitely need to be compliant with the GDPR. Although the UK’s data protection status after Brexit is still unknown, the government has suggested that it intends to implement equivalent GDPR rules post Brexit (see the Data Protection Bill announced in the 2017 Queen’s Speech) to make sure frictionless movement of data between the UK and the EEA continues.

The Information Commissioner’s Office (ICO) website has a vast range of tools to help small businesses, including a self-assessment toolkit created with small organisations in mind. You can use the checklists to assess your compliance with data protection law and find out what you need to do to make sure you are keeping people’s personal data secure. Click here to view the ICO self-assessment toolkit. Further useful links are outlined below.

Some of the official documentation is still being developed – for instance, detailed interpretation of the rules for establishing consent from individuals. The ICO expects the Article 29 Working Party to finalise their guidelines by the middle of April.

Many resources are available to support small businesses. Here are some links you may find useful:

The ICO also has a helpline specifically for GDPR enquiries. Call the helpline on 0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers). If calling from outside the UK, you may not be able to use the 03 number, so please call +44 1625 545 700. Their normal opening hours are 9 to 5 Monday to Friday.

HETAS has been registered with the ICO as a Data Controller since 2016. HETAS will be reviewing the terms and conditions we apply to our registration schemes, to reflect the GDPR, and will publish any changes through our website.

You can contact the HETAS team on 01684 278170 or click here to email.