It has been reaffirmed in the Queen’s speech that the UK Government will implement the EU General Data Protection Regulations despite pending Brexit negotiations.
There is now just under a year until the May 2018 deadline for EU member states to incorporate GDPR in to their domestic laws; and all U.K. Organisations who handle personal data will need to ensure they comply.
The speech which opens a two-year session of parliament, committed the U.K. to maintaining its world-class protection of people’s personal data.
An additional document detailed additional rights for individuals to demand social media and other digital companies delete personal data they have shared prior to turning 18.
But it also made clear, a priority to allow police and other authorities to “continue to exchange information quickly and easily with international partners” to fight terrorism and other serious crimes.
Organisations now need to ensure they understand how new GDPR rules will affect the way they collect, process, protect and manage personal data, and this might include a need to revalidate consent from data subjects or amend policies and procedures, to make sure such staff are compliant in their handling data.
Now would be a good time to conduct a Data Protection Audit which will identify the personal information within a company and how it is used.
Organisations will also need to be familiar with Data Protection Impact Assessments (DPIA) and designate a Data Protection Officer (DPO). Guidance from the ICO is expected in the coming months.
This is the biggest reform in data protection laws since the 1998 act so organisations may benefit from a workshop with a GDPR Consultant.
Assent Risk Management can work with you to conduct a Data Protection Audit or deliver a Workshop Session to teach key staff about GDPR requirements.
Contact us for more information.