What is GDPR?
GDPR is the European Union’s General Data Protection Regulation, which comes into force on 25 May 2018.
Why is it significant?
With GDPR, the EU is leading the world in shaking up data protection. For citizens, the regulation is a good thing. For businesses and organisations that manage personal data, compliance will take time and effort. The regulation applies to any EU citizen on the planet, regardless of where they live. Thus, if a US company has customers in the United Kingdom, the management of those customers’ data must be in accordance with the EU’s General Data Protection Regulation, even though the United States is not located in Europe.
How will Brexit affect GDPR?
The General Data Protection Regulation comes into effect before the United Kingdom leaves the EU. The UK Government has demonstrated its commitment to establishing it in UK law post-Brexit with its Data Protection Bill.
Do I have to comply with GDPR?
As an EU Regulation, GDPR compliance is mandatory. Significant financial penalties exist for organisations that fail to adequately protect the data they hold, or fail to report a data breach within 72 hours. Should a breach occur, the organisation may be further exposed to affected parties seeking financial compensation, as well as to the strategic threat to its reputation and the trust placed in it.
What about the Data Protection Act?
The GDPR replaces the Data Protection Act and significantly changes the controls and processes governing how the data of employees, customers, suppliers, donors and volunteers must be managed and protected.
What has changed?
Right to erasure – the right to be forgotten
Subject access requests
Establishment of the Data Protection Officer role
How do I ensure that I comply with GDPR?
The Information Commissioner’s Office has set out a 12 step control framework for achieving GDPR compliance. The controls are outlined below.
Who do you collect personal data from? Customers, staff, volunteers, donors, businesses.
What personal data do you collect?
Where do you collect data?
How do you collect data – web page contact form, email,
Why do you collect data – what is the legal basis? Keep a register of all data collected and the justification for collecting it.
Where do you store collected data?
How long do you hold selected data?
How do you delete selected data?
How do you anonymise data?
Education
Likely tasks
GDPR baseline briefing
Register with ICO
Data Protection Officer
Customer Relationship Management System
Data Impact Assessments
How will you know?
What processes do you have?
Subject Access Request
Reporting Data Breaches