The law regarding protection of data is strengthening, giving people greater control over their own personal data, and requiring organisations of all sizes to be more accountable and transparent.
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018, and will replace the current Data Protection Act.
Here’s a guide to GDPR from Chris Hanratty, managing partner at Watsons Solicitors.
What is personal data?
- It is any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.
- Personal identifiers constitute personal data, including name, identification number, location data or online identifier.
- It includes automated personal data and manual filing systems
- Personal data that has been pseudonymised – key-coded – may also be covered
Who in your organisation does GDPR apply to?
- It applies to ‘controllers’ and ‘processors’.
- A controller determines the purposes and means of processing personal data.
- A processor is responsible for processing personal data on behalf of a controller. The processor must maintain records of personal data and processing activities, and has legal liability if responsible for a breach.
Take action – what you can do now
- Tell decision makers in your organisation about GDPR
- Document what personal data you hold, where it came from and who you share it with. You may need an information audit.
- Review your current privacy notices and plan for any necessary changes
- Check your procedures to ensure they cover all the new rights individuals will have
- Designate someone to take responsibility for data protection compliance
- Update procedures for handling requests within the new timescales
- Identify the lawful basis for your processing activity under GDPR and update your privacy notice to explain it.
- Review how you seek, record and manage consent
- Decide whether you need systems to verify children’s ages and to obtain parental or guardian consent for data processing activity
- Put in place procedures to detect, report and investigate a personal data breach
If you are unsure about GDPR, or have queries, please don’t hesitate to contact Watsons Solicitors. We are a leading law firm in Warrington, and have the expertise and knowledge to guide your business through GDPR.