The General Data Protection Regulation (GDPR) is replacing the current Data Protection Act on 25th May 2018. This Regulation is intended to strengthen and unify data protection for all individuals within the European Union. The government has stated that the UK’s decision to leave the European Union will not affect the commencement of the GDPR.
The GDPR applies to ‘controllers’ and ‘processors’ of data. There is help available for businesses and public bodies to assist them in preparing for the introduction of the GDPR, and further help is planned for the future. Specific legal obligations are being placed on processors: records of personal data and processing activities must be maintained and kept up to date. If these records are not maintained or are breached, processors will face increased legal liability. Under the GDPR, controllers are obligated to ensure that contracts with processors comply. Compliance can be proven by showing that the appropriate steps have been taken.
Lawful processing is a key element of the GDPR: a lawful basis must be identified and documented before personal data can be processed, as it now has an effect on individuals’ rights. The new individual rights the GDPR has created are:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Accountability and transparency are vital, and best judgement needs to be demonstrated. Every part of the process needs to be studied and identified as auditable. The GDPR has also altered the definition of consent; consent must now be freely given, specific, informed, unambiguous, unbundled and granular.
Sharing data is becoming much harder because every third party has to be named, and consent must be given to each individual third party so that the consent is granular.
If you have any concerns about how this new ruling may affect the way your marketing is conducted, please do not hesitate to get in contact with us on 01473 407027.
If you need further details and advice about the GDPR before its introduction, visit https://dma.org.uk/gdpr or https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
The information contained in this article is of a general nature and specific advice should be sought for specific situations. We believe the information to be correct as at the time of publication, September 2017. While all possible care is taken in the preparation of this article, no responsibility for loss occasioned by any person acting or refraining from acting as a result of the material contained herein can be accepted by the company or the authors.