We are currently all familiar with the requirements of the Data Protection Act 1998 but may not be so aware of its replacement by the new GDPR (General Data Protection Regulation) which in the UK will take effect from 25th May 2018.
The GDPR is set to be a very detailed set of regulations that will place a legal responsibility on organisations currently subject to Data Protection laws to ensure the correct use and storage of data. Like the DPA, the GDPR has been designed to protect the individual’s right to privacy, but it also places a strong focus on that individual’s right to understand the type of data that is kept about them.
The new law regulates specifically for data accuracy, the length of time that identifiable data is kept and the reporting of data storage. The penalties for compliance failure with the new GDPR are going to be high, and all organisations that have more than 250 employees or that hold data for over 5000 people will be required to have an expert data protection officer.
Preparing for GDPR
The new General Data Protection Regulation legislation will obviously have an impact on IT systems, and businesses are being advised by the ICO to prepare these systems and their staff early. At Absolutely PC, we have been offering Data Protection advice and help for many years and are happy to assist you with any GDPR questions you might have. Our IT system recommendations include:
- Auditing existing data collection and storage systems as new legislation will apply to both existing and new data.
- Tightening up systems for dealing with data loss.
- Examining how encryption or tokenisation can reduce the risk of data loss.
- Ensuring system compliance with the new regulations by facilitating opt-in for third-party data sharing.
- Building privacy-friendly practices such as data anonymity into system design.
- Preparing systems to deal with the tighter data reporting time restrictions of 72 hours.
- Creating systems that will deal efficiently with consumer requests to delete or report on personal data.
- Preparing for DPIAs (Data Protection Impact Assessments) if you are an organisation that uses ‘high risk’ processing (as yet to be identified).
Information about the GDPR regulations and their forthcoming impact on businesses is still unfolding. It is vital that organisations start to deal with system requirements now in order to ensure a smooth transition into compliance in May 2018. For friendly advice and help with all of your data protection and security issues, feel free to get in touch with the expert team here at Absolutely PC.
If you find it difficult to make time to look ahead and deal with future issues, our blog post on achieving your business resolutions might help.