Unless you have been on a very long holiday (lucky you if so!), it’s likely that you have heard the term “GDPR” a lot lately. GDPR stands for General Data Protection Regulation – which comes into effect in 2018 and is likely to change the way we all do business.
We thought we would answer 6 of the most common questions and hopefully this will help prepare you for some of the changes ahead.
1. WHAT IS IT?
GDPR is essentially going to replace the Data Protection Act of 1998 with new legislation for data protection that will be consistent across all of the EU.
2. WHEN IS IT HAPPENING?
The changes officially come into effect on Friday 25th May 2018.
3. HOW WILL IT AFFECT ME?
This depends on how much, and what sort of, data you hold. The new regulations apply to anyone who is in control of, or processing, data. Any personal data should be processed “lawfully” and for a specific purpose. Once this is complete the data should be deleted.
The new rules also state that if you pass data you have collected consent for (we’ll come to this next) to someone else to use on your behalf, then you need to be sure they too will be following the new legislation.
4. WHAT IS CONSENT?
One of the main revisions being introduced as part of these changes is the way that consent is given by data subjects. Data controllers must have consent that they are allowed to use individuals’ personal data – and keep a record of how and when each individual gave consent. When this consent is given you must also specify how long you intend to keep/store the data provided.
This means no more pre-ticked boxes and no more ‘opt outs’.
5. WHAT CAN I DO TO PREPARE?
The Information Commissioner’s Office (ICO) are recommending that companies appoint a Data Protection Officer, who is responsible for, and will act as a point of contact for, all GDPR-related queries.
You can also review, or create, your privacy policy, which should outline how you intend to use personal data, how long you’re going to keep it for and how individuals can be removed, or worse complain, plus more!
6. ANYTHING ELSE I NEED TO KNOW?
Yes, lots, probably enough for a series of blog posts! We haven’t even touched on breaches, access requests, the right to be forgotten or children’s data!
In the short term we would recommend educating your staff on the upcoming changes, reviewing your privacy policy and thinking about a strategy that will help you to get your current data subjects to opt in to future contact after May 2018.
If you have any comments about this post, or any questions you think we may be able to answer, please get in touch.
Posted by Jonathan