20 Nov 2017

Are you up to speed with GDPR?

 

On 25 May 2018, the General Data Protection Regulation (GDPR) will come into effect.

This will provide consistent data protection legislation across Europe regarding the collection, storage and security of personal data. It is therefore vital that you are familiar with the new legislation, as GDPR applies to any company, large or small, that routinely processes personal data.

If your business already complies with the Data Protection Act (DPA), then you will already be fulfilling many of the obligations under GDPR. However, if not, the following steps will help you prepare for GDPR:

  • Check that your organisation has a defined process for capturing, processing, recording and storing personal data that is safe, secure, robust and appropriate
  • Ensure that a lawful basis for processing personal data has been established and remove blanket consent instructions from any existing documentation. Where possible, aim to anonymise personal information and delete information when it is no longer needed
  • It is only a requirement for larger organisations, employing over 250 people, to appoint a dedicated Data Protection Officer, but make sure that existing data processors and data controllers are clear about their roles and responsibilities under the new GDPR
  • Utilise free ICO resources, such as their online questionnaire, to understand your company's position when it comes to GDPR
  • Provide adequate training and information to employees about data protection legislation and how your organisation is preparing for GDPR
  • If any automated profiling methods are used, check that individuals are provided with clear information about the use and purpose of profiling and are given an opportunity to request an alternative method
  • Review current information management systems to check security measures comply with GDPR and revise if necessary
  • Prepare a robust security framework that includes emergency plans, worst case scenarios and privacy breach risk assessments
  • When designing new projects, ensure privacy impact assessments (also referred to as data protection impact assessments) are an integral part of the initial design process, so that any data processing risks can be identified and addressed at the design stage
  • Ensure that all data security arrangements are regularly reviewed and updated

For more information on GDPR, visit www.ico.org.uk
