Understanding Data Protection
GENERAL DATA PROTECTION REGULATION – WHAT YOU SHOULD BE AWARE OF
“If you handle personal data .. it’s your responsibility to keep that information secure and ensure that the individual’s rights are respected”
The rules for Data Protection and Personal Privacy are changing: from 25 May 2018 the Data Protection Act (DPA) will be replaced by the General Data Protection Regulation (GDPR).
It is an updated and enhanced regulation from the European Parliament, the European Council and the European Commission that is intended to strengthen and unify data protection for all individuals in the European Union.
The regulation was adopted on 27 April 2016 and will be law in the UK on 25 May 2018.
Rumours abound that the new rules don’t apply to small businesses and that it won’t happen because of Brexit .. neither is correct. The GDPR applies to personal data regardless of the size of the organisation / business, and the regulation comes into law while the UK is still part of the EU. Equivalent regulation that will mirror the GDPR will be enacted post Brexit.
I’ve read lots, and lots (and even more than that) about the GDPR and the incoming changes and was going to write a lengthy blog for you .. but actually the ICO website has so much fantastic information and it is constantly being updated that I thought I would point you to the best resources I have found on there instead!
They are constantly updating the information so remember to check back in and relook at what they are publishing.
12 steps to take now
This is a really accessible PDF that is being updated as time passes .. it gives a great overview of what you ought to be thinking about and considering now.
“Consent must be freely given, specific, informed and unambiguous .. a positive opt in .. it cannot be inferred from silence, pre-ticked boxes, inactivity and must be separate from other terms and conditions.
There must be a simple way to withdraw consent … once given it can be taken back.”
The ICO have a consent checklist in this document .. pages 38/39 are the ones to read.
Privacy notice checklist
Making sure your privacy notices are up to date and compliant is going to be key and this handy checklist is really helpful.
Self Assessment – Getting ready for the GDPR
This form takes you through the varying considerations and guides you towards seeing how ready you are (or aren’t) for the changes that are coming.
If you want to read the full information that the ICO has then this is the . It was 44 pages when I downloaded it to read!!
The main ICO website can be found here