GDPR or by its full title – The General Data Protection Regulation (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU) and it comes into effect in May 2018.
In preparing for GDP the Information Commissioners Office give 12 steps your business can take now, some/all of which may well apply to you.
- Awareness – the key people in your business should know the law is changing.
- Information you hold – where has this come from?
- Individuals rights – do your procedures cover management of the data you hold
- Privacy information – does your business have uptodate privacy notices?
- Access requests- how will you manage individuals asking for what data you hold on them?
- Lawful basis for your data – You should identify the lawful basis for your processing activity in the GDPR
- Consent – have people given permission for you to hold their data?
- Children – if you have minor’s data you already need stringent processes in place, these will need to be tougher.
- Data breaches – do you have processes in place to manage a data breach?
- Data protection – you key people need to be uptodate on he policies and procedures for these new data protection regulations.
- Data protection officers – your business needs to have a key person to act as the data protection officer
- International – if you trade internationally then you need to determine your lead data protection supervisory authority.
One thing is for sure this new regulation is far more encompassing then the current data protection regulations and adds a whole new level of responsibility onto every business large and small. At the time of writing this update significant parts of GDPR are still to be finalised so for more detailed information and a ‘living’ document you need to head to the information commissioners website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr