From Friday 25th May 2018, all organisations (including charities, businesses and public bodies) will have to comply with the General Data Protection Regulation (GDPR). Although the GDPR shares similarities with the existing UK Data Protection Act 1998 (DPA), it also has some new and different requirements.
Under GDPR, UK citizens will benefit from new or stronger rights:
- to be informed about how their data is used
- around data portability across service providers
- to erase or delete their personal information
- over access to the personal data an organisation holds about them
- to correct inaccurate or incomplete information
- over automated decisions and profiling
Organisations must be aware of all the requirements that apply to them and should prepare for the GDPR before it takes effect. They may need, for example, to put new procedures in place to deal with the GDPR’s new transparency and individuals’ rights provisions. In a large or complex organisation this could have significant budgetary, IT, personnel, governance and communications implications.
For further information on the GDPR and how you can prepare for its implementation, please visit the Information Commissioner’s Office (ICO) website.
Alternatively, for 12 steps to take now, view the ICO’s guidance document.