As of 25 May 2018 the General Data Protection Regulation (GDPR) will be enforced on organisations that process personal data of EU residents. Although very similar to the current Data Protection Act, the GDPR will strengthen the current data protection requirements by introducing a number of key changes for organisations. Some of these changes include:
- The definition of personal data being broader
- Consent will be necessary for processing children’s data
- The rules for obtaining valid consent have been changed
- The appointment of a data protection officer (DPO) will be mandatory for certain businesses
- There are new restrictions on international data transfers
- Data subjects have the right to be forgotten
For more information on the GDPR’s key changes you can visit:
Some things to consider when preparing to become GDPR compliant are:
- Are key decision makers and key people in your organisation aware that the law is changing to the GDPR?
- Is a record kept of the personal information you hold, and a log of where it came from and who it is shared with?
- Do your procedures in processing personal data comply with the individuals rights? (how you delete personal data or provide data to others)
- If someone requests personal information, are procedures in place to ensure data protection is upheld?
- Do you seek, obtain and record consent you gain from clients?
- Do you have an assigned Data Protection Officer?
- Do your current procedures in place enable you to detect, report and investigate a personal data breach?
There is plenty of time to decide what type of risk assessments need to be carried out to ensure compliance with the new regulation is upheld but organisations should start to act as soon as possible as the maximum penalties for non-compliance under the GDPR will increase significantly – from £500,000 to the greater of €20,000,000 or 4% of an organisation’s global turnover.
For more information you can visit our website https://www.torrwaterfield.co.uk/news/latest-news-for-business/archive/news-article/2017/september/get-ready-for-the-new-data-protection-rules
If you wish to discuss this further then please get in touch 0116 2423400
Amy Fisher, Reception & Administrator