In 1984, DPA regulations were put in place to keep personal information protected. Although it was revised in 1998, the Data Protection Act finds itself lacking in 2017, after almost 20 years of an explosive digital culture.
Its replacement, called GDPR (General Data Protection Regulations), will come into effect on 25 May 2018. Make no mistake: these regulations are there to protect the consumer, and they do so vigorously.
What your business will be required to do:
- Keep thorough records of how and when an individual gives consent to store and use their personal data. Not in the form of a tick-box, but a very transparent audit of consent.
- Document what information is held, along with evidence of where it came from and who it has been shared with. If you have inaccurate data and have shared that with another organisation, it’s your responsibility to pass that message on, so accurate updates can be made.
- Check that your processes allow you to delete or provide personal data upon request. There are several ‘rights’ that the GDPR considers:
  - The right to be informed and have access to the data held
  - The right to have erroneous data corrected
  - The right to request that data be deleted
  - The right to data portability – an ability for consumers to obtain and reuse their personal data across different services
  - The right to object to data being processed in specific ways, including automated decision making
- Ensure that you have the right protection in place to detect, report and investigate a personal data breach
These are just a few of the measures included in the new regulations - all of which you will need to comply with.