The General Data Protection Regulation (GDPR) implementation date is fast approaching and is set to come into play on 25th May 2018. The GDPR will replace the Data Protection Directive 1995 (the Directive) and the Data Protection Acts 1988 and 2003 (the Acts). GDPR and the Data Protection Bill 2017 (the Bill) – when enacted will predominantly supersede the previous Acts.
GDPR will be legally binding in the UK from its enforcement date (25th May 2018) and will govern the handling, accessing and transferring of personal data. Personal data also includes the processing of ‘Special Categories of Personal Data’ (SCPD) which requires increased protection.
Those responsible may process SCPD which requires its own due diligence, steps will have to be taken in advance, before the commencement of GDPR.
Although many organisations are seeking external organisations to assist with the processing of data, the appointed trustees will remain ultimately responsible for compliance with GDPR.
As the trustees will remain responsible for compliance with GDPR, all data controllers will be obliged to do the following regarding personal data:
• Obtain and process data fairly
• Keep it and use it only for the purpose specified, explicit and lawfully
• Disclose it only in the manner compatible with its purposes
• Keep it safe and secure
• It should be kept accurate, complete and up to date
• The data should be enough, relevant for purpose and not excessive
• It should not be kept longer than necessary
How those responsible comply with these obligations should be proportionate to the nature and complexity of what it is being used for. Bearing in mind their duty of care to the individuals they hold data abouts interests and the risk in the event of non-compliance or a security breach.
A reminder of the primary changes under GDPR:
• The Supervisory Authority
• Internal records
• Registration with DPA
• Privacy notice/Data Protection Statement
• Data Subject Consent
• Strengthening Data Subject Rights
• Breach Notifications
• Enforcement and Penalties
If you are a business with CCTV, Access Control or any other integrated Security system which collects data and want guidance and support in preparing for GDPR, contact Antron Security on +44 (0)1923 855 006 or email firstname.lastname@example.org.