General Data Protection Regulation (GDPR)
Current Data Protection Legislation
Anyone who uses and stores information about the people who use their services, their suppliers or their workforce must ensure that the data is held in accordance with the Data Protection Act (DPA). This means you must:
- Only keep information for a specific purpose
- Keep it secure
- Make sure it is up-to-date
- Only hold as much as you need for as long as you need it
- Allow the person or subject that the information is about access on request
Changes to Legislation
The GDPR comes into effect from 25 May 2018 and it is likely that it will affect all of our members.
It follows the same principles as the DPA, but with additional requirements on consent, privacy and access. It includes the following rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- The right not to be subject to automated decision-making including profiling.
The Information Commissioner’s Office (ICO) is the UK’s independent body set up to uphold information rights. One of the things they do is enforce data protection, so they happen to be the experts on compliance. They are very approachable and have easy-to-read materials available for free, as well as a handy helpline (number below).
They have produced a 12 step guide to preparing for GDPR:
https://storage.googleapis.com/scvo-cms/media/1624219/preparing-for-the-gdpr-12-steps.pdf
As well as more detailed guidelines which are available here:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Information and support
For further information and support, please contact the ICO directly
https://ico.org.uk
ICO Helpline: 0303 123 1113