25th May is GDPR Day
After a grace period of two years, today is the day that the EU General Data Protection Regulation becomes fully applicable in UK law. The Regulation is entrenched and complemented by The Data Protection Act 2018, which received royal assent on Wednesday (23rd May).
The new laws demand higher standards of accountability and transparency from data controllers and processors. It is not enough to protect personal data, you must document your processes and procedures to provide evidence of your compliance.
There are more onerous obligations on organisations, increased rights for citizens and substantially larger financial penalties that can be imposed by the Information Commissioner’s Office.
Elizabeth Denham, the Information Commissioner, issued a statement yesterday emphasising that work to comply with GDPR must not end on 25th May. She said:
“It’s an evolutionary process for organisations – no business, industry sector or technology stands still. Organisations must continue to identify and address emerging privacy and security risks in the weeks, months and years beyond 2018.”
It is vital therefore that all organisation continue to demonstrate their compliance by ensuring that all their staff are properly trained and know how to apply data protection policies and procedures in practice.
EU Data protection law has been transformed and GDPR is now fully enforceable in the UK. Under GDPR, the requirements to justify and document your personal data processing are onerous and the penalties for non-compliance will be substantial.
This market-leading course is a step-by-step guide to GDPR and will help you understand what has changed and what processes need to be in place to comply with the stringent new Regulation, now and in the future.
It will explain the new rules regarding:
- The legal basis for processing
- Privacy notices
- Control of personal data
- Mandatory breach reporting
- Complaints and penalties