Kingston Smith

General Data Protection Regulation (GDPR)

What is data protection?

Simply put, data protection is about guarding people from the misuse of their personal information, by creating legal responsibility for keeping that information held as securely as possible.

The General Data Protection Regulation or GDPR is the first major overhaul of data protection in the UK for 20 years. Its purpose is to:

  • Give data subjects more rights to their information
  • Create more transparency surrounding how organisations and companies use the data they hold
  • Ensure that any organisation which collects, handles or shares personal data, does so with a clear and lawful purpose
Contact us

Frequently asked questions

How is it implemented?
+ -
Organisations can recruit a professional privacy expert, train an existing member of staff or use a compliance consultancy to implement the rules, procedures and guidelines of a privacy policy. Considerable savings can be achieved by using the consultancy option, along with continuous monitoring without the worry of holiday and sick cover. This is important because if there is a data breach it must be reported to the Information Commissioner’s Office (ICO) within 72 hours.

Training all staff in data protection awareness is part of compliance too. In addition to this an organisation will need to appoint a Data Controller, mainly in the form of a Data Protection Officer. GDPR recommends that organisations should adopt ‘Data Protection by Design’ and this means identifying other people to become Information Asset Owners (IAO) and a board member to become the Senior Information Rights Owner or SIRO. These are recommendations but adoption of such a structure plays an important part in demonstrating compliance.