GDPR - Made Simple!
29 Jun 2017
On 25th May 2018 The General Data Protection Regulation (GDPR) will replace the Data Protection Directive from 1995. The new measures contain many of the same principles and concepts as the current Data Protection Act. Which means that companies already successfully abiding by the 1995 legislation will probably be covered. However, the penalties for non-compliance are severe, and GDPR cannot be ignored.
WHAT YOU NEED TO DO:
1. Conduct a data protection audit
• What data do you hold?
• Why you are holding it?
• How long will you retain it?
2. Look at the ways you collect personal data
• How do you get peoples’ consent?
3. Appoint a Data Protection Officer (DPO)
• All public authorities must appoint a DPO
• Private sector organisations must decide if they appoint a DPO (existing member of staff, or a new employee), or outsource the work
4. Review your data access request procedures
• Upon request, you must provide people with a copy of the data you hold on them within 30 days (free of charge)
5. Review your data protection procedures
If questioned by the Data Protection Commissioner, can you:
• Explain where the data is held
• Show if, where and how it is transferred within, and outside your organisation
• Show it’s easy to access
• Access people’s personal data
• Allow people’s personal information to “be forgotten” (but not in all instances)*
6. Following a Data Protection breach, you must:
• Notify the Data Protection Commissioner within 72 hours of becoming aware of the breach
• You must notify the individuals affected
*This does not affect other legislation
To recruit a Data Protection Officer, please call Emma Anglim on Brightwater's Business Support Team on 01 662 1000 or email firstname.lastname@example.org