GDPR - General Data Protection Regulation

Start preparing for the GDPR

On 25 May 2018 the Data Protection Act 1998 will be replaced by the General Data Protection Regulation (GDPR). It gives consumers a new right. What is this and how can you prepare for the GDPR?

Major change. Businesses have been subject to the requirements of the Data Protection Act 1998 (DPA) for nearly 20 years, but on 25 May 2018 the DPA will be replaced by the General Data Protection Regulation (GDPR). If you are currently subject to the DPA, it’s almost certain that the requirements of the GDPR will apply to you. Although it mirrors much of the DPA, the GDPR goes much further in certain areas and grants individuals more extensive rights.

Data requests. For example, consumers will: (1) have more rights to be informed about what businesses are doing with their personal data; (2) be given greater rights to access and have control over their personal data; (3) have the right to access their data free of charge (currently they can be asked to pay £10 if they make a subject access request); and (4) be entitled to request that data about them is erased.

ICO in charge. As with the DPA, the Information Commissioner’s Office (ICO) will be responsible for policing and enforcing the GDPR. It’s urging all businesses to get up to speed on the new legislation and start taking immediate steps to ensure their full compliance. Over the coming months, more information will be released about the GDPR, but in the meantime the ICO has launched a new data protection reform website (see The next step). As well as videos and a blog there are free guidance notes that you can download.

Tip. Just like the DPA, there is no small business exemption - so don’t ignore this change. You may find it helpful to work through the “Getting ready for the GDPR” self-assessment checklist (see The next step).

The next step - Consumers will be able to access the data you hold on them free of charge. Small businesses have no exemption from the GDPR. You can prepare for it by working through the ICO’s self-assessment checklist.

LINKS:

Guide to the General Data Protection Regulation (GDPR)