Over the last few months, there has been much discussion over GDPR which is the new General Data Protection Regulation commencing 25 May 2018 and replaces the old Data Protection Act 1998.
I was recently informed during an update course that little over 500,000 businesses have registered under the Data Protection Act even though it is thought it should be approximately 2.5 million. In order to register you need to visit the Information Commissioners website https://ico.org.uk/for-organisations/register/
Generally, a business will need to register under the Data Protection Act if it:
- Makes use of CCTV for the purposes of crime prevention.
- Processes personal information electronically. This can be obtaining, recording, storing, updating or sharing.
- Is responsible for deciding how the information is processed.
If you answer yes to the above then you are likely to need to register with the ICO.
In many respects, GDPR is simply an overhaul of the current Data Protection Regulation which is no longer fit for purpose especially when you consider the advancement in internet use and social media over the last 20 years.
The core aim of GDPR is to protect the personal data of European Citizens through the main principles below:
- Lawfulness, Fairness and Transparency – Can personal data be legally held, is it fair to do so and does the individual know you have it?
- Purpose Limitation – You should only use personal data as originally intended.
- Data Minimisation – Only hold the data you need.
- Accuracy – You have a responsibility to ensure the data held is accurate.
- Storage Limitation – Do not hold data longer than necessary.
- Security and Confidentiality – Data must be secure and held confidentially at all times.
If you are unsure whether you need to register then please visit the ICO website or to obtain formal advice please contact your solicitor.
The views expressed in this article are the personal views of the Author and other professionals may express different views. They may not be the views of Lambert Chapman LLP. The material in the article cannot and should not be considered as exhaustive. Professional advice should be sought in connection with any of the issues contained in the article and the implementation of any actions.