It may seem plenty of time away, but employers need to start thinking about the information held in their organisation and the General Data Protection Regulation (GDPR) which will apply in the UK from 25 May 2018.
This is an EU regulation which intends to strengthen and unify data protection for all individuals within the European Union. It replaces the Data Protection Directive and was designed to harmonise data privacy laws across Europe. In short, it means a single set of data protection rules across the EU and the Government has confirmed that ‘Brexit’ will not affect the introduction of the GDPR.
The principles are similar to those in the Data Protection Act, such as the requirement that data must be processed lawfully, but there are some additional details and a new requirement of accountability. This new principle is significant: it requires organisations to show how they comply with the principles, which means decisions about processing data will need to be documented.
For individuals, the GDPR gives greater rights over the handling of their data, which include easier access, a ‘right to be forgotten’ and the right to know when their data has been hacked.
There are exemptions for SMEs where data processing is not a core business activity, and these employers may also charge a data access fee where requests are 'manifestly unfounded' or 'excessive.'
As an organisation, it is important that you check whether you are affected by the new GDPR and start to document what personal data you hold, where it came from and with whom it is shared.
The Information Commissioner’s Office, which oversees data protection, has produced general information on the new GDPR which can be found here and a 12-step guide which outlines what organisations need to do.
If you would like further information or support for your business please contact Sheila Watson on 01429 857082, sheila.watson@hartlepool.gov.uk