Sometimes you take a quick look at something and fill in the gaps with what you know it should say – especially with things that are particularly familiar. The familiar can change, and it is easy to miss – did you spot the deliberate error in the picture? Perhaps you don’t know that the top right picture is John Lennon – which is just scary from my perspective! (There was no Dave in the Beatles.)
The UK Data Protection Act 1998 will be replaced just before its 20th birthday with a new Act based firmly on the General Data Protection Regulation. It’s still all about protection of personal data, which could mean that you think your current approach is fine, but the changes are not particularly subtle and they will take time and effort to implement in an organisation.
Look closer
It’s time to take a closer look at what you do in your business, consider the impact that you have in handling a person’s data and change the way you do things to ensure that you are compliant with the new regulations. The UK Information Commissioner has recommended you consider 12 steps:
- Become aware of what’s changing
- Document what information you hold
- Review how you communicate about privacy
- Check procedures support people’s rights
- Ensure prompt handling of access requests
- Identify your lawful basis for processing
- Refine how you seek, record and manage consent
- Establish processes to protect children
- Make sure you are prepared to report a data breach
- Familiarise yourself with Impact Assessments and implement them
- Consider your need for a Data Protection Officer
- Determine your international requirements
Gydeline is an online service which can help you identify what is required now and as your business changes – try it for a month and find out for yourself.
And when it comes to personal data, remember:
Possession isn’t nine-tenths of the law. It’s nine-tenths of the problem – John Lennon