So, what is GDPR?
The General Data Protection Regulation – GDPR – is the overall regulation on the protection and handling of personal data for the European Union. Although it is an EU regulation, its impact is global. Many businesses both inside and outside of the EU are likely to need to clarify and adapt their policies in order to be compliant, as the GDPR strengthens rights and gives individuals more control over their personal data.
Although there is no shortage of advice out there relating to this subject, we suggest a good independent starting point would be the official ICO website.
They provide an easy-to-understand guide to GDPR, which explains the provisions of GDPR to help organisations self-comply with its requirements. It has been written with those who have day-to-day responsibility for data protection within your organisation in mind.
This guide is a living document and therefore work continues to expand it in key areas. It includes links to relevant sections of the GDPR itself, to other ICO guidance and to guidance produced by the EU’s Article 29 Working Party. This Working Party includes representatives of the data protection authorities from each EU member state, and the ICO is the UK’s representative, so we have tried to get you as close to the source as possible in regard to the latest information and guidance.
Along with a helpful “Guide to the GDPR”, a number of tools have also been produced to help organisations to prepare for the GDPR including:
“Getting ready for the GDPR”, which consists of two checklists - one for data controllers, and another for data processors.
Before undertaking this self-assessment checklist process, you should first determine whether your organisation processes personal data as a “data controller” or “data processor”.
To help you ascertain which silo you fall into, the definitions of these two terms can be found in the Guide to the GDPR referenced above. However, if you find both apply to your business activities, don’t panic, as this simply means you are advised to complete both assessments rather than just one!
GDPR checklist for data controllers
Designed to help you, as a data controller, assess your high-level compliance with data protection legislation. Includes the new rights of individuals, handling subject access requests, consent, data breaches, and designating a data protection officer, under the upcoming General Data Protection Regulation.
GDPR checklist for data processors
Designed to help you, as a data processor, understand and assess your high-level compliance with data protection legislation. Includes the new requirements for data processors, the rights of individuals, data breaches, and designating a data protection officer, under the upcoming General Data Protection Regulation.
Professional Consultative Advice
If trying to do this yourself has your head spinning and you would feel more comfortable seeking independent 3rd party professional consultative advice and guidance, then further support can be provided via the DCA Trade Association. To make contact with a specialist simply CLICK HERE to send an engagement request.
Additional Useful Links
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
https://rakutenmarketing.com/en-uk/resource-centre
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
https://ico.org.uk/for-organisations/data-protection-reform/
https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
https://iabuk.net/policy/briefings/the-eu-general-data-protection-regulation-gdpr-a-briefing-for-the-digital
https://iabuk.net/policy/briefings/eu-general-data-protection-regulation-gdpr-faqs-updated-july-2016
Please note: The information and opinions within this content are for information purposes only. They are not intended to constitute legal or other professional advice and should not be relied on or treated as a substitute for specific advice relevant to GDPR Compliance.