General Data Protection Regulation

General Data Protection Regulation

Every company needs to have a Data Protection Licence and needs to comply with General Data Protection Regulation, which will come into force on 25 May 2018.  All companies holding any data or information on any living person, regardless of the relationship they have with that company, have to comply with legislation from 25 May.  Management of data will become highly regulated and we are sure that the impact will not be disproportionate on business but we’re painstakingly taking measures so that any data we hold, complies with the new legislation.

The law states that Data Protection Act controls how your personal information is used by organizations, businesses or the government. Everyone responsible for using data has to follow strict rules called ‘data protection principles’.  The law also says that data can be used for specifically stated purposes and kept for no longer than is absolutely necessary, handled according to people’s data protection rights.

Legislation isn’t about common sense that suits all, it’s about public protection, so the European Commission decided to strengthen the data protection laws that protect individuals within the EU.  The objectives are to give EU citizens back the control of their personal data and to unify the regulation within the EU.  Does your business hold personal data for EU residents, regardless of whether you are based inside or outside the EU?

Personal Data, General Data, Protection and Privacy

Personal data is any information about an individual’s private, professional or public life, including their name, photo, email address, bank details, social media updates, medical information, and even the IP address of their computer.  General data is any identifiable data on any living person – any data that compromises a person’s safety and privacy.  The latter is what you need to consider in order to ensure your company does not breach legislation.

If you are a company processing data, you will have to appoint a data protection officer. This person should be proficient at managing IT processes, data security, cyber-attacks, and other critical business continuity issues around the holding and processing of personal data.

They will be the responsibility of the Regulator rather than your Board of Directors. They are like a ‘mini-regulator’ who is independent of your organisation, so they will need to create their own support team and will be responsible for their own continuing professional development.

Your data controller must be able to prove that recipients have opted in.  This means you must allow people to give explicit permission for you to collect and use their data – that means two ‘opt in’ tick boxes – as well as the ongoing option to unsubscribe.  You will have to advise your customers about how long you keep their personal data, and provide them with contact details for your data controller and data protection officer.  SG

Make An Enquiry

Call us now on 07855 849232 or complete our Online Enquiry and we will be delighted to talk with you about your legal matter.

Free Enquiry

Back to all news

April 20, 2018 at 9:00 am
Category: GDPR

Share Article With: