Get ready for the new GDPR.

On 25th May 2018 new regulations come into effect across Europe – the General Data Protection Regulation (GDPR). These rules affect data held on European citizens – so just to confirm, that still affects UK businesses.

Whilst this is not the Data Protection Act (the UK legislation), it is important for businesses to start preparing their policies and procedures to meet the new recommendations. Previously UK law has been updated or created to work alongside EU recommendations – the Data Protection Act 1998 was enacted to bring British law in line with the 1995 EU Data Protection Directive. Bearing that in mind, the Data Protection Act is currently being reviewed.

The world has changed a great deal since the 1995 and 1998 legislation, and this overhaul is aimed at bringing the key principles of data privacy up to date.

Increased coverage
The biggest change in the legislation has been the increased scope of organisations affected. Under the GDPR (General Data Protection Regulation), all companies processing the personal data of subjects residing (living) in the European Union are covered, regardless of the company’s location. If the company is based outside Europe, the business will have to appoint a representative in the EU.

Consent
The terms for consent have been strengthened and clarified: consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.

Penalties
There are financial penalties for non-compliance. A tiered system of fines will be put in place.

Data Subject Rights have also been included within the regulations, covering breach notification (should you be hacked or lose data), right to access for subjects (this will be provided free of charge and in electronic format), the right to be forgotten (the deletion of personal data), data portability, privacy by design and data protection officers.

The full regulation is available to view and download from http://www.eugdpr.org/eugdpr.org.html with a list of key changes available on http://www.eugdpr.org/key-changes.html.

The UK Information Commissioner’s Office (ICO) has published a 12-step guide on how to get ready for the new GDPR: https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
