Are you ready for GDPR?

Oakleaf Birmingham hosted a GDPR update seminar last week in partnership with Aristi, Information Risk Management & Security Consultants.

GDPR is an EU regulation which, as of 25th May 2018, is immediately applicable to each member state. With just over a month left until the deadline, the pressure is on. However, if you are compliant with the Data Protection Act of 1998, it shouldn’t be too difficult to ensure your processes are in line with GDPR.

For GDPR to be effective, it is important that everyone in the business is involved and that processes are standardised across the whole organisation. Organisations have a duty to data subjects (everyone whose data they hold) to protect their information in line with GDPR.

One of the most important aspects of GDPR is that everyone should be clear on how they are expected to handle data. Organisations need to ensure they apply GDPR consistently across the business. It’s important to be upfront and honest about the data you have, to explain why you need certain data and how long you will store it for.

Whilst GDPR is new legislation, it has similar principles to the Data Protection Act, though these have been extended. Compared to the Data Protection Act, GDPR is slightly stricter and takes a ‘positive consent’ approach. This means that rather than automatically assuming consent, organisations must gain consent for use of another’s data.

Our rights as individuals are changing. Whilst we have always had the right to request information around our own personal data, there are now stricter deadlines around this. Under the Data Protection Act, companies had to act to provide this information within 40 days and could request an administration fee. Now companies must respond to your information request within 30 days and there is no longer a fee associated with this.

Going forward, from an organisational perspective, data protection needs to be a built-in process. All staff need to be trained on the appropriate way to handle the data they will come into contact with. It’s also important that there are policies in place to deal with data breaches when they happen. These should be standardised across an organisation to ensure a consistent level of data protection is given. The overall aim for all companies is that data security should become the norm and a part of everyday policies and procedures.
