12 Steps to take now
The current Data Protection Act is due to be replaced by the General Data Protection Regulation (GDPR) on 25th May 2018. GDPR is the biggest overhaul of data protection legislation for over 25 years and will introduce new requirements for how organisations process personal data.
See the ICO's 12 step guide to what organisations should be doing now.
Although the GDPR shares similarities with the existing UK Data Protection Act 1998 (DPA), it also has some new and different requirements.
Under GDPR, UK citizens will benefit from new or stronger rights:
- to be informed about how their data is used;
- around data portability across service providers;
- to erase or delete their personal information;
- over access to the personal data an organisation holds about them;
- to correct inaccurate or incomplete information; and
- over automated decisions and profiling.
Following the Brexit vote, the future of this law was unclear, but we can now be fairly certain that we will still be part of the EU when the deadline for compliance comes into force, and so we will have to comply with the new law. The UK government has also confirmed that it will put in place very similar legislation when the GDPR no longer applies, so it’s important that you are aware of the changes and start to look at implementation now.
The main changes of which you need to be aware are set out and explained further below:
- Removal of registration requirement
- Focus on accountability and transparency
- Change to definition of consent
- Need for Privacy Impact Assessment
- Legal requirements for policies
- Right to be forgotten
- Changes to Subject Access
If you need further advice contact SIL Solutions by Tel 0207 993 5016 or email firstname.lastname@example.org