Preparing for the new GENERAL DATA PROTECTION REGULATION Requirements
The General Data Protection Regulation (‘GDPR’) replaces the existing Data Protection Act (‘DPA’) and comes into effect on 25 May 2018.
How is GDPR different to DPA?
GDPR places greater emphasis on the way in which businesses process personal data, whether they are clients, prospects, employees, contractors or suppliers, including:
- Increased requirements on businesses to keep records and implement policies.
- Changes to the procedure and time frame for data retention, reporting data breaches and responding to subject access requests.
- A requirement to be more transparent in relation to how personal data is used.
- More rights for the individuals whose personal data is processed.
- The requirement to appoint a data protection officer in certain circumstances.
How will GDPR affect businesses?
All businesses need to review their processes and documentation and ensure they are compliant before 25 May 2018. You may need to implement, change or review:
- The personal data you collect, store and how you use such data.
- The legal basis for using the personal data and if consent is required.
- How long you retain personal data.
- Employment contracts.
- Your procedure for the investigation, recording and reporting of data breaches.
- GDPR compliant clauses within agreements with third parties who process personal data on your behalf.
- Agreements for the sharing of data with third parties.
- Safeguards for the transfer of data outside the European Economic Area.
- A designated data protection officer.
- Processes in place to, amend, delete and transfer personal data to third parties.
- Privacy impact assessments for ‘high risk’ areas.
- Organisational and technical measures (including appropriate I.T. systems) to ensure personal data is kept secure.
- Staff awareness and understanding.
To discuss your GDPR requirements, then please contact us on 0113 227 0300 or email GDPR@gordonsllp.com.
News & ViewsView all News & Views
Data Protection – GDPR comes into force
On 25 May 2018 the General Data Protection Regulations (‘GDPR’) will come into force, replacing...
Complying with the new data protection regulations
Jessica Cumming considers how charities can ensure their compliance with the General Data Protection Regulations....
Be safe and secure with data protection
In an article for Academy Today, education expert Jessica Cumming considers how academies can ensure...