Posted 20/06/2017 By: James Tarling
Some useful information regarding the new and upcoming data protection law, the GDPR (General Data Protection Regulation), which replaces the current Data Protection Act regime.
Effective from 25th May 2018.
Data Protection Principles – Personal data must be:
Accountability Principle – There are new obligations to implement appropriate technical and organisational measures to ensure, and to be able to demonstrate, that you comply with the GDPR, including undertaking and documenting privacy (data protection) impact assessments for high-risk processing. Some organisations will be required to appoint a Data Protection Officer. Organisations with 250 or more employees have additional internal record-keeping obligations (records of processing activities), and smaller organisations must keep them too where the processing is not occasional, is likely to result in a risk to individuals, or involves special category data.
Lawful Basis of Processing – The lawful basis for processing personal data is more important under GDPR. The lawful processing conditions are:
Individuals’ Rights – The GDPR codifies existing rights of data subjects and creates new rights:
Fair Processing Information – data subjects must be provided with certain information at the point their data is collected, which in practice means more detailed privacy notices, including the lawful basis relied on and the retention period.
Subject Access Requests – similar to the existing right, but with the time to respond reduced to one month (with the ability to extend by a further two months for complex or numerous requests) and the removal of the £10 fee.
Breach Notifications – the GDPR introduces new obligations to notify the ICO of a personal data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals, and to notify the affected data subjects without undue delay where the breach is likely to result in a high risk to them. Breaches must also be recorded internally whether or not they are reported.
1. Plan – Create a project team reporting to the senior management team to oversee compliance, so that you have a coordinated approach to preparing for May 2018.
2. Data Protection Officer – Consider whether you are required to appoint a DPO or whether it would be helpful to do so. Identify an appropriate candidate with the necessary authority, skills and experience.
3. Audit – Identify what categories of personal data you hold or process and consider as a starting point in relation to each category: