Come May 2018 there will be an overhaul in legislation relating to data protection policies. The new EU General Data Protection Regulation (GDPR) will be enforced for all companies within the UK and it is vital that business owners and those responsible for data protection policy within a company have everything in place to ensure a seamless transition to the new protocol.
The UK is in the process of leaving the EU following the Brexit referendum decision, so it may have been considered a new regulation not to be concerned about, but the reality is that these changes still apply. There are three reasons for this. The first is that British companies will still be tied to the EU when the new legislation comes into force next year, with 2019 the year in which the UK leaves the European Union. The second is that the GDPR is aimed at all businesses that deal with EU customers, so the new legislation is relevant even for companies based outside the EU. Finally, it is highly likely that the UK will choose to embed this, or its own version of the GDPR, into any new legislation that it develops as a result of Brexit.
There are a number of points that business owners dealing with EU customers will have to address prior to the change in legislation in May 2018.
Accountability – Any business that has not implemented a clear approach to GDPR after it has come into effect will have to demonstrate clearly that it has been compliant with data protection. This means that certain documents have to be maintained, that thorough privacy impact assessments are carried out and that privacy by design and default is implemented throughout the company.
Data Collection Consent – One of the biggest changes relates to consent for the data you hold. Data may only be collected and stored if you have explicit consent from the individual it relates to. Any existing consent you have for data historically held no longer applies, and you will have to gain consent for that information all over again.
Data Protection Officers – For some companies there will be a requirement for a Data Protection Officer (DPO) to be in place. This could be someone qualified within the organisation or an outside party brought in as a consultant.
Greater Individual Rights – From May 2018 all individuals will have a greater say in the data relating to them that is being held by companies. You, as an individual, will have the right to object to the processing of information that relates to you, as well as rights covering data portability, profiling and all aspects of data control and management.
Re-Writing of Privacy Policies – It is vital that all existing documentation relating to privacy policies is re-written to include the new regulations, detailing clearly the newly enhanced rights of individuals.
Breach of Information Protocol – The new rules call for any breach of information to be reported within 72 hours of the event, with processes within privacy policies updated to demonstrate how such a problem is resolved.
Trainer Bubble understands that there is a lot to think about when it comes to preparing your company for the change in data protection regulations that are coming into force next year. With that in mind we have put together a GDPR e-learning course to help your employees prepare for those changes in a smart and effective way.