GDPR – A Snapshot
There are just a few days to go before the GDPR legislation will come into force, but according to a recent poll, 89% of organisations in the UK remain “confused” by GDPR. Organisations will need to act fast if they have not already made progress with the new legislation – here are a few tips from us to help you along the way.
What is GDPR?
General Data Protection Regulation (GDPR) will come into force on 25May 2018. It will replace the European Data Protection Directive 95/46/EC, which was implemented in the UK as the Data Protection Act 1998.
For organisations, it will increase governance and accountability surrounding the use of personal data, making organisations more responsible for how they hold and process data. There will also be increased requirements for consent and increase the level of fines for data breaches.
Levels of protection
There are a number of levels of data protection accreditation currently available to businesses. They range from a “basic” entry level scheme, called Cyber Essentials (CE) to top level ISO27001. CE is the recommended minimum level of protection, backed by government.
Will Brexit affect the GDPR legislation?
In short, no. GDPR applies to those organisations both within the EU and those outside the EU but holding personal data of EU subjects. Therefore it will remain unaffected by Brexit and is unlikely to change after Britain leaves the EU.
Consent of children
If your organisation handles children’s data, there are extra things to consider. Children have the same rights as adults over their personal data, so it is important that they understand how they consent to the collecting and processing of their data. Furthermore, the age of the child must be considered since only children aged 13 or over are able provide their own consent. Under that age, they must have the consent from a parent or guardian.
Every business must be considering how they will address GDPR compliance in a manner which is workable for their business. The ICO has issued guidance that they acknowledge a difficulty is adjusting to the legislation, however, any company will need to comply, or at least be able to demonstrate that they are taking reasonable steps to become compliant as soon as possible.
If you would like some further advice on any of the above, contact Downs Solicitors to see how we can help.