What is GDPR?
GDPR is the General Data Protection Regulation which came into effect on the 25th May 2018.
Many of the GDPR’s concepts and principles are similar to those contained in the current Data Protection Act, so if you comply with the law now you will have a good point to start from.
The GDPR places greater emphasis on the records that must be kept to demonstrate compliance with the law. Records must also be kept to show what data you hold, where it came from and who it is shared with.
When you collect personal data you will have to explain your basis for processing the data, how long you will keep it for and that individual’s have a right to complain to the ICO. Individuals also have the right to ask you to delete their information from your systems.
The Regulation places an obligation on all organisations to report certain data breaches to the ICO.
For more information contact the Information Commissioner’s Office at www.ico.org.uk