On 25th May 2018, the General Data Protection Regulation, or GDPR as it is commonly known, replaces the existing Data Protection Act. It is a Europe-wide piece of legislation, and the government have indicated it will not be affected by Brexit. Much of the publicity surrounding it highlights the scale of the fines that could be imposed for non-compliance.
Whatever the size of your business, if you keep personal data, whether digitally or on paper, the new legislation applies. To find out more, click to read this article on the Web-Clubs website.
For full details, visit the Information Commissioner’s Office by clicking this link.
- It covers all data traceable to an individual, however stored, including card files etc.
- Consent. It defines stricter criteria for obtaining permission; pre-ticked tick boxes, for example, are not permissible
- Inform. Why the data is held and what it is used for
- Access to data. Individuals (as with the DPA) can access data held on them; the DPA charge of £10 can no longer be made
- Inaccuracies. The individual's right to request that inaccuracies are corrected
- Erasure. The right to request that data held is deleted or forgotten
- Portability. Data has to be portable, allowing it to be transferred
- Restrict. Individuals have the right to stop their data being used, e.g. for marketing or research