There is a big change coming in business, affecting the way companies acquire, store and manage data. May 25th 2018 sees the introduction of a new law, the General Data Protection Regulation (GDPR). Many of the GDPR’s main ideas and principles are much the same as those in the current Data Protection Act (DPA), so current compliance will be a good starting point for the new law. Some things, though, are different, and businesses need to evaluate their practices to ensure that they comply in the future.
The Information Commissioner’s Office (ICO) has produced a checklist and resources to help businesses work out the main differences between the current law and the GDPR. These are all available via the ICO’s Overview of the General Data Protection Regulation. The ICO is also working closely with trade associations and bodies representing the various sectors, so you will be supported in implementation. It is essential to plan your approach to GDPR compliance now and to gain support in your organisation. It’s possible that new procedures may be needed to comply with new transparency and individuals’ rights provisions. In a large or complex business this could have significant budgetary, IT, personnel, governance and communications implications.
A significant difference between the DPA and the GDPR is that the GDPR places greater emphasis on the documentation that data controllers must keep to demonstrate accountability. Compliance with all the areas listed in this document will require organisations to review their approach to governance and how they manage data protection as a corporate issue. For example, one step might be to review contracts and other systems you have in place when sharing data with other organisations.
Some parts of the GDPR will have more of an impact on some organisations than on others (for example, the provisions relating to profiling or children’s data), so it would be useful to map out which parts of the GDPR will have the greatest impact on your business model and give those areas due prominence in your planning process. A good place to start with the GDPR is to review the ICO 12-Steps to GDPR document:
For further information, or to access our GDPR implementation programme, please contact us.