There has been a lot of information regarding the deadline of 25th May 2018 which is the date that the General Data Protection Regulations (GDPR), come into force. This will be a substantial change to the current data protection legislation and it would be wise not to regard matters as business as usual.
The GDPR will impose major changes which include:
Many organisations are already working to accommodate the changes but there is still a substantial number who are not turning their attention to GDPR. It is important to, at least, make a start on implementing the necessary changes now, even if these are not completed before the deadline. This will demonstrate to the ICO, should a breach occur, that you are taking the regulations seriously and may well reduce any possible penalty. It can also minimise the risk of a breach happening in the first place.
There needs to be an administrative as well as a legal approach to complying with GDPR. Some of the matters an organisation may want to consider are:
Understanding what personal data is held by the organisation and how it is used within the organisation;
The above are just some of the considerations which an organisation should be turning its attention to from now. You may want to engage external advisors with GDPR knowledge to help you navigate this fairly complex area of law.
This article is for general information purposes only and does not constitute legal or professional advice. For more information contact Watkins & Gunn Solicitors on 01633 262122 or visit to our website www.watkinsandgunn.co.uk