The General Data Protection Regulation (“GDPR”) will come into force and apply to all EU member states from 25 May 2018. The UK’s decision to leave the EU will not affect the commencement of the GDPR. It contains eighty-eight pages, 99 articles and 173 related recitals and is therefore no small piece of legislation. Overall, the principles under the GDPR are similar to those under the current Data Protection Act. However, there are new elements and significant enhancements, particularly in relation to accountability. The GDPR puts the onus on organisations to show how they comply with the data protection principles, and there is a greater emphasis on documenting specific activities. Other key changes to be aware of include:

Wider scope of application – certain definitions under the GDPR have been broadened, for example, the definition of “personal data”.

Higher penalties – the GDPR introduces tougher sanctions, including administrative fines for non-com
With the coming into force of EU data protection legislation and the rising reputational and regulatory risks from data breaches, please see below a data compliance checklist, which we hope your organisation or business will find useful.

NOTIFICATION

- Is the business registered with the Information Commissioner’s Office?
- If registered, is the entry up to date, relevant and wide enough to cover future uses?

COMPLIANCE WITH DATA PROTECTION PRINCIPLES

- What personal information is held, and why?
- Is the information collected necessary for the purposes for which it is held?
- How is the accuracy of personal information checked?
- How is information kept up to date?
- How long is information held?
- Where is information held? If on servers, where are the servers based?
- Is the information secure?
- Which staff have access to the information, and why?
- Is the information disclosed to any third parties?
- What details are provided when information is collected?

POLICIES

- Have staff been trained i