How to get compliant for GDPR
In summary, the Data Protection Act is being overhauled and will be superseded by the General Data Protection Regulation (GDPR) which will become enforceable across Europe, including the UK, on 25 May 2018.
Who does this affect?
The GDPR applies to all personal data about individuals collected or processed in Europe (regardless of those individuals’ nationality or citizenship) so this change will affect you and your work.
Whether you collect the personal data or handle personal data collected by others, the GDPR will apply.
What are the changes?
The new regulation modernises the old act and even changes the very definition of "personal data", which the GDPR redefines to include, for example, an individual's genetic data, biometric data, location data and online identifiers. It also introduces a new category of data, called pseudonymous data. The GDPR introduces stricter requirements regarding privacy policies, data breaches, consent and data about children, amongst other things.
What is the impact?
All businesses must set themselves up to be compliant, follow best practice and protect their customers' data. If a member of the public raises a concern with the ICO, the body will work with you to put things right; however, it has a range of options at its disposal should you fail to come into compliance, including suspending your activities and imposing dissuasive penalty fines.
How do I become compliant?
To get you started, a simple overview of the GDPR can be downloaded here. It breaks the information down into two sections, "Understanding how your business is impacted" and "How to begin your compliance journey".
This will help you better understand your obligations and help you put a plan of action into place, so you can work towards compliance.