Farmers Guardian
Word ‘milk’ banned for use in branding of plant-based products

Word ‘milk’ banned for use in branding of plant-based products

This Is Agriculture - Sponsored

This Is Agriculture - Sponsored



Auction Finder

Auction Finder

LAMMA 2020

LAMMA 2020

You are viewing your 1 free article

Register now to receive 2 free articles every 7 days or subscribe for unlimited access.

Subscribe | Register

How farm businesses can prepare for data protection changes

With new General Data Protection Regulation (GDPR) coming into force in May, we look at how farm businesses need to prepare.

Share This

How to prepare for data protection changes

Changes in data protection rules could cost farmers millions if they do not comply with new regulations coming into effect on May 25.


The EU’s new GDPR means farmers will have to keep personal data secure and up-to-date, and will also have to demonstrate compliance and delete files if requested, warned Jeremy Moody, secretary of the Central Association of Agricultural Valuers.


And leaving the European Union does not get British farmers out of complying with the rules.

The consequences of non-compliance could be huge, with businesses able to be charged up to £17.5 million, or 4 per cent of global turnover, whichever is greater, for serious breaches.


John Smith, solicitor at Burges Salmon said it needed to be ongoing day-to-day compliance with training for relevant staff and audits.

Read More

Farmers could face huge fines as new data protection rules come into playFarmers could face huge fines as new data protection rules come into play
Hints & tips: How to make your farm meetings more productiveHints & tips: How to make your farm meetings more productive
Hints & tips: The benefits of registering your farmlandHints & tips: The benefits of registering your farmland



Breaches needed to be reported to the Information Commissioners Office (ICO) with serious breaches needing to be reported with 72 hours. This can include losing a laptop or a memory stick which contains personal information.


With more resources to clamp down on breaches, the ICO will be able to walk into an office unannounced and temporarily ban firms from holding personal information.


Mr Smith said: “On top of this, if an individual suffers losses as a result of a breach, there is no cap on the compensation they can claim.”


Employees also have a right to request to see all the personal data held on them within 30 days and employers can no longer charge a fee for this. They can also demand the data is erased.


Being able to demonstrate compliance was a key principle, with an organisation needing to show justification as to why they store data.


This can be contained in a simple file note, according to David Laing from digital consultancy firm My Future Cloud.


He said: “Any organisation, including farmers, can store personal data as long as they have a justification for collecting and handling it.”


Consent was one justification, but could be onerous to obtain and maintain, and Mr Smith warned the legal definition of consent has been changed under GDPR.


He said: “Employers will now have to rely on contractual necessity to hold data, such as holding bank details in order to pay them, or National Insurance Numbers to comply with HMRC.”


Employers were also responsible for any breaches which occur with third-party companies.

Diversified Farms

Securing data

Securing data was a key part of GDPR, although it was left to the business to determine what security it used.

The more valuable, confidential and sensitive the personal data, the greater the level of security which should be imposed.

David Laing, of My Future Cloud, suggested businesses should consider:

  • Encrypting and/or pseudonymising personal data
  • Ensuring systems processing data were confidential and resilient
  • Looking at how they can restore availability and access to data quickly in the event of an incident
  • Putting a process in place for regularly testing and evaluating measures used
  • Making an assessment of the most appropriate measures for businesses

More tips are available on the ICO website

Farms which have diversified may have more data to consider with farm shops and other secondary businesses potentially serving thousands of customers, according to Ian Burrow, head of agriculture and renewable energy at NatWest.


He said: “If you have a marketing database, you must make sure you contact every one of them to confirm they are happy for you to store their data, and keep a record of when and how they gave you the permission, even if it is not your core business.


“Key to the legislation is consumers will have a ‘right to be forgotten’, meaning if they ask for their data to be deleted and there are no legitimate reasons not to, it must be destroyed.”


Businesses also have to give those customers a simple, straightforward way to withdraw consent.


About 60 million people in the UK have personal data stored by organisations and cybercrime cost Britons £1 billion last year due to data security breaches.

Post a Comment
To see comments and join in the conversation please log in.

Most Recent