Data Protection for Organisations – new legislation started in May!
The General Data Protection Regulation (GDPR) – the new legal framework – applies in the UK from 25th May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. Although the GDPR shares similarities with the existing UK Data Protection Act 1998 (DPA), it also has some new and different requirements. Under GDPR, UK citizens will benefit from new or stronger rights:
- to be informed about how their data is used;
- around data portability across service providers;
- to erase or delete their personal information;
- over access to the personal data an organisation holds about them;
- to correct inaccurate or incomplete information; and
- over automated decisions and profiling.
Scottish charities must be aware of all of their requirements and should prepare for the GDPR prior to its launch. They may need, for example, to put new procedures in place to deal with the GDPR’s new transparency and individuals’ rights provisions. To assist you, the Information Commissioner’s Office (ICO) website contains information on how you can prepare for the GDPR, including this document, which outlines 12 steps to take right now: https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf.