What is GDPR?
The EU's General Data Protection Regulation (GDPR) is the result of several years of work carried out by the EU to bring data protection legislation in line with the way data is presently used day to day in business.
Currently, the UK utilises the Data Protection Act 1998, which will be superseded by the new legislation. GDPR introduces far tougher fines for non-compliance and breaches, and gives the individual more control over what companies can do with their data.
When will the GDPR apply?
GDPR will apply in all EU member states from 25 May 2018. It is estimated that there is currently a significant lack of action in the IT industry, with under half of all organisations carrying out detailed assessments.
Giving Consent under GDPR
Consent must be an active process, provided by the subject to whom the data relates, as opposed to the current process of passive acceptance and active denial of consent.
Data Controllers must keep detailed records of when the consent was given.
The ‘Right to be Forgotten’
Individuals have the right to access any information a company holds on them and have the right to know why such data is being processed. If they choose to withdraw their consent, they can request that their data be deleted, and data controllers are expected to respond within one month.
How does Brexit affect GDPR?
Although the UK is leaving the EU and Article 50 has been triggered, the process can take 2 years from when Theresa May invoked it. GDPR will therefore take effect long before the legal consequences of the Brexit vote, meaning the UK must still comply for the time being.
Techolony provide consulting and formal accredited GDPR training courses at classrooms around the UK to enable our clients to prepare for May 2018. If you require any help or assistance and wish to be contacted by one of our consultants for some free, impartial advice, then email [email protected] or phone our Manchester office on 0161 209 3922.