Farmers are being warned of the pitfalls of breaching new data protection rules when they come into effect later this year.
Farmers across the country could potentially be forced to pay out millions of pounds in fines if they do not comply, the Central Association of Agricultural Valuers (CAAV) has warned.
The new data protection rules, which come into effect on May 25 under the EU’s General Data Protection Regulations (GDPR), apply to any business that holds data on an individual – including farmers.
Farmers will have to keep personal data, for example on employees, secure and up to date, and will also have to demonstrate compliance and delete files if requested.
John Smith, solicitor at Burges Salmon, says the consequences of getting data protection wrong can be enormous.
He said: “For serious breaches in data protection, businesses can be charged up to £17.5m or four per cent of annual global turnover (whichever is greater).
"The new rules add to the existing Data Protection Act, with four key areas employers should be aware of: Accountability, self-reporting, enhanced rights and consent.
“Your business will need policies and procedures in place to demonstrate compliance with GDPR,” Mr Smith warned.
“This needs to be on-going, day-to-day compliance, with training for relevant staff, and audits on what data you hold and where you’re keeping it. If a company breaches data protection rules it is required to report the breach to the Information Commissioners Office (ICO).
“If an individual suffers losses as a result of a breach, there is no cap on the compensation they can claim.”
Currently, employees have a right to request to see all the personal data held on them by an employer.
This remains the case, but an employer can no longer charge a fee and must comply within 30 days.
Employees can demand that their data is erased simply by removing consent for their data to be held. The legal definition of consent under GDPR has also been changed.
Mr Smith added: “The bar has been raised high and it is no longer safe for employers to rely on this,” he explains.
“Employers will now have to rely on contractual necessity to hold data, such as holding bank details in order to pay them, or National Insurance Numbers to comply with HMRC. With so many changes, it’s vital to conduct an internal audit and make sure your house is in order.”
Jeremy Moody, secretary and adviser at the CAAV, said: “So far the ICO is encouraging compliance, rather than penalising businesses, but this could change after GDPR comes into force. Although the rules sound complex, there are some simple steps that farmers can take.”