General Data Protection Regulation (GDPR)
What is GDPR?
The General Data Protection Regulation (GDPR) will replace the existing Data Protection Act in May 2018. It is the first major review of data protection for 20 years. GDPR extends the rights and freedoms of data subjects and places far more responsibility on organisations to process data fairly, accurately and securely.
Penalties for non-compliance have been increased from a maximum of £500,000 to a potential £20m.
How is it implemented?
Training all staff in data protection awareness is part of compliance too. In addition to this an organisation will need to appoint a Data Controller, mainly in the form of a Data Protection Officer. GDPR recommends that organisations should adopt ‘Data Protection by Design’ and this means identifying other people to become Information Asset Owners (IAO) and a board member to become the Senior Information Rights Owner or SIRO. These are recommendations but adoption of such a structure plays an important part in demonstrating compliance.