On 25th May 2018, the General Data Protection Regulation (GDPR) will come into effect. To avoid falling victim to strict fines, it’s vital you are aware of all the changes GDPR will bring. Luckily, we’re here to offer you a helping hand.
In the coming weeks we will take you through a series of practical steps your practice can take to ensure it meets the May 2018 compliance deadline.
Know your rights
GDPR introduces new individual rights, as well as enhancing those that already exist under the Data Protection Act 1998 (DPA).
Individuals now have the right to be informed, the right to access information held about them, the rights to rectification, erasure, restriction of processing and objection, the right to data portability, and rights relating to automated decision-making and profiling.
GDPR brings with it a number of new responsibilities and all staff must be educated on these changes.
GDPR tightens the Data Protection Act’s loosely defined requirements on how information is handled. You are now required to be transparent with the individuals whose data you hold and to ensure that information is easily accessible to them.
Under GDPR, consent must be actively given by the individual, rather than inferred from a failure to object as was the case under the DPA. Individuals also have the right to withdraw consent.
Privacy by design
With privacy by design, privacy and data protection compliance are built into systems and processes from the start. This is an essential step in reducing risk.
Data Protection Officer (DPO)
When GDPR is formally introduced, some organisations will have to employ a DPO to oversee data, understand privacy law and ensure the organisation is compliant with GDPR. The designation of a DPO is not compulsory and depends on the size of the company.
Data Protection Lead
Those who don’t require a DPO are recommended to assign a Data Protection Lead to ensure GDPR compliance. A Data Protection Lead is essentially an education and awareness role: a champion of data protection within the practice, trained to have a detailed understanding of GDPR so that they can advise the staff in their practice.
However, it is important to note that a Data Protection Lead cannot be expected to ‘wave a magic wand’ and make a practice GDPR compliant. This is the responsibility of everyone in the practice who deals with personal data.
Data breach notification
Certain data breaches, such as a personal data breach, must be reported to the supervisory authority and, where necessary, to the affected individuals. Penalties for breaching the rules can be up to 4% of turnover.
Educate your staff
To ensure you remain GDPR compliant, all your staff must be knowledgeable about the regulation.
Keep your eyes peeled for our upcoming GDPR blogs that will help prepare you for the impending regulation.