On May 25th 2018 the new data protection reforms will take effect, and many people want to know how they will be affected.

The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

The ICO (Information Commissioner’s Office) have published a number of really helpful guides and checklists.

Here’s the link to the ‘Getting ready for the GDPR checklist’:

https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/getting-ready-for-the-gdpr/

There is also the ‘12 steps to take now’ guide here:

https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf

The ICO are aiming to provide a suite of data protection guidance that is as comprehensive as possible by May 2018, so it’s worth visiting their site to keep up to date as things move forward. https://ico.org.uk/

 

How the GDPR might affect your business

When you record a person’s details you are recording data, and there are some rules that you may need to know:

Lawful Basis for Processing

Data can only be processed if there is at least one lawful basis to do so. The lawful bases for processing data are:

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Source: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

 

Your rights to YOUR data under GDPR

If you want to know your rights to any data that is held on you after the GDPR comes into effect on May 25th 2018, the ICO has published a guide under ‘Individuals Rights’. The link is here: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/the-right-of-access/

 

On a final note, the ICO have published a data protection self-assessment toolkit.

“Use our checklists to assess your compliance with the Data Protection Act and find out what you need to do.

Good information handling makes good business sense, and provides a range of benefits. You'll enhance your business's reputation, increase customer and employee confidence, and by ensuring that personal information is accurate, relevant and safe, save both time and money”.

https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment-toolkit/

 

We hope our clients find some of this information useful, and we will update this post as more information becomes available.