The EU's 1995 data protection regulation is being comprehensively reformed, and the result will be known as the GDPR (General Data Protection Regulation). It is being developed to strengthen data protection and online privacy rights for individuals within the EU (European Union).
The new legislation will come into effect on the 25th of May 2018 and will form a legal framework across all EU member states.
1 – Knowledge is power
It is essential that all key personnel in your organisation are aware of the changes to the law surrounding GDPR and the effects that these will have.
2 – Data capture
All data that is captured and held needs to be documented. It is important to keep records about the source of information as well as who it is shared with.
3 – Review privacy notices
Success will require a good understanding of the GDPR, a review of current policies and their alignment to the GDPR.
4 – Individual rights
Check all procedures to ensure all rights are covered for an individual. How will deletion / sharing of data be managed?
5 – Subject access requests
Focusing on the new timescales, update procedures and know how requests will be handled.
6 – Processing of personal data
Be sure of the legality surrounding the processing of data. There will be various types of data processing in place that will require attention.
7 – Content
Review all content that you are seeking, attaining and capturing. You may find that process changes are required.
8 – Children
When capturing data on children it is key to seek/gain parental or guardian consent.
9 – Breaches
A procedure should be in place to ensure that, when a breach of personal data occurs, it is detected, with reporting and inspection done in a timely and orderly manner.
10 – Protection Impacts and Data Protection
Familiarity with the guidance provided by the ICO on Privacy Impact Assessments is advised. This will help you understand how and when implementation should take place.
11 – Designated officers
Where relevant, an officer or other person should be appointed or designated to have firm responsibility for compliance and data protection within an organisation.
12 – Global considerations
An organisation with international operations will need to consider the data protection supervisory authority it falls under.