The General Data Protection Regulation (GDPR) is set to be implemented on 25 May 2018. It increases the obligations on all businesses to ensure the safety of the personal information of individuals stored on their systems, whether they are customers, suppliers or employees.
The GDPR will apply to data ‘controllers’ (employers) and now also to data ‘processors’ (employees). In the past, the Data Protection Act only applied to controllers. Controlling involves manipulation in terms of interpretation or decision-based data. The role of the processor involves the storing, retrieving and erasing of data.
The GDPR applies to personal data, but the definition is wider than under the current Data Protection Act (DPA). The regulations place greater emphasis on the documentation that data controllers must keep, to determine their accountability.
Many of the main principles of the GDPR are similar to those in the current Data Protection Act (DPA), so if your business is complying with the present law, then most of your current compliance will remain valid and can be the starting point to build from.
However, there are new factors and significant enhancements. Your business will have to do some things for the first time, and a number of things differently. It is essential to start planning your approach to GDPR compliance now, with the rules coming into effect in May 2018.
To start with, you will need to gain ‘buy in’ from key people in your organisation. You may need, for example, to put new procedures in place to deal with the GDPR’s new transparency and individuals’ rights provisions. The cost will depend on the complexity of your business.
One key new feature is having to show how you conform with the rules. Evidencing compliance is known as the ‘accountability’ principle.
Employers: it is useful to start by mapping out the personal data that the business holds. From there you can establish what consents and extra steps you need to put in place to comply with these new Regulations, including any new policies and procedures for a fixed fee.