GDPR compliance for freelancers and contractors

By: Janthana Kaenprakhamroy

Date: 10 July 2018

GDPR compliance for freelancers and contractorsWith the introduction of GDPR, it's more important than ever to be aware of your data responsibilities. If you're a freelance or contract worker, it's likely you handle a lot of data - and you don't have an employer to look after data protection compliance. This can lead to both legal and reputational risk.

Freelance and contract workers are responsible for data protection, just like any other small business. Here's how to protect yourself.

What does GDPR mean?

The General Data Protection Regulation (GDPR) came into force on 25 May 2018, bringing the data protection laws of all EU countries into line.

The regulation means those who hold and manage personal data have a responsibility to the person that the data relates to (the ‘subject'), to make sure that their data is properly managed and protected.

Failure to comply can result in fines of up to 4% of global revenue.

What are my responsibilities under GDPR?

GDPR means that if you work with data relating to people, you must make the appropriate efforts to keep it secure and prevent its accidental destruction or damage, or its unauthorised use. This can be:

  • ‘personal data', such as a person's address or identification details;
  • ‘sensitive personal data' such as a person's religion or sexual orientation (which they may not wish to share widely).

You are responsible for reviewing how you acquire, record and manage consent for data, including the consent of a guardian for children's data.

You must keep records of data you possess, how you acquired it and who can access it, as well as conducting privacy impact assessments. If you work across multiple locations you also need to make it clear where you're based.

Finally, you should have a clear strategy in place regarding what you will do if a data breach occurs.

What are the risks for freelancers and contractors?

Freelance and contract workers are often given access to data held by companies they work with - for example, in their content management system (CMS) or in the folders on their server. Even with a limited 'guest' login profile, you may have access to a lot more data than you realise.

It's important to note that while you may work with a company on a contractual basis, you won't be protected by the same policies as its employees.

As well as protecting personal data, in your work as a freelance or contract worker you may also need to consider intellectual property rights, such as image usage rights, and how you make sure that the information you publish is factually correct.

How can I protect myself?

If you aren't yet prepared for GDPR, don't panic - but do make sure you establish a compliance plan as soon as possible and take good care of any data in your possession.

Sensible strategies include:

  • making sure your devices can't be opened by others if they're lost or stolen - for example through password protection or encryption;
  • keeping up with security updates and antivirus protection;
  • never accessing client data through public wifi connections;
  • deleting client data held on your devices and any connections to their systems when you've finished working with them.

You may also want to consider professional indemnity insurance, which protects you against costly legal action if you fall foul of:

  • data protection breaches
  • charges of libel or defamation;
  • confidentiality breaches and other breaches of contract;
  • intellectual property disputes.

Getting insurance is often considered too time-consuming and expensive. But you may be able to take it out as and when you need (such as for a single project) with an on-demand insurance provider - giving you peace of mind when you need it without long-term financial commitment.

Sponsored post. Copyright © 2018 Janthana Kaenprakhamroy, founder/CEO of Tapoly