09 May

Preparing for GDPR (General Data Protection Regulation)

The EU's 1995 data protection regulation is being comprehensively reformed, and the result will be known as the GDPR (General Data Protection Regulation). It is being developed to strengthen data protection and online privacy rights for individuals within the EU (European Union).

The new legislation will come into effect on the 25th of May 2018 and will form a legal framework across all EU member states.

1 – Knowledge is power

It is essential that all key personnel in your organisation are aware of the changes to the law surrounding GDPR and the effects that these will have.

2 – Data capture

All data that is captured and held needs to be documented. It is important to keep records of the source of the information as well as who it is shared with.

3 – Review privacy notices

Success will require a good understanding of the GDPR, a review of current policies and their alignment to the GDPR.

4 – Individual rights

Check all procedures to ensure all rights are covered for an individual. How will deletion / sharing of data be managed?

5 – Subject access requests

Focusing on the new timescales, update procedures and know how requests will be handled.

6 – Processing of personal data

Be sure of the legality surrounding the processing of data. There will be various types of data processing in place that will require attention.

7 – Content

Review all content that you are seeking, attaining and capturing. You may find that process changes are required.

8 – Children

When capturing data on children it is key to seek/gain parental or guardian consent.

9 – Breaches

A procedure should be in place so that, when a breach in personal data occurs, it is detected, and reporting and inspection are done in a timely and orderly manner.

10 – Protection Impacts and Data Protection

Familiarity with the guidance provided by the ICO on Privacy Impact Assessments is advised. This will help you understand how and when implementation should take place.

11 – Designated officers

Where relevant, an officer or other person should be appointed or designated to have firm responsibility for compliance and data protection within the organisation.

12 – Global considerations

An organisation with international operations will need to consider which data protection supervisory authority it falls under.

 
