The EU General Data Protection Regulation (GDPR) is due to come into place in May 2018 and is set to replace elements of the current Data Protection Act 1998. This regulation will create new legal obligations which will have a significant impact upon the way in which organisations handle personal data.
Whilst Kindertons Group companies will communicate regularly with suppliers and customers, we recommend that all companies utilise the ‘What’s New’ section of the ICO’s GDPR web site for regular updates.
How is my organisation affected?
The UK government has confirmed that the UK’s decision to leave the EU will not affect the introduction of the GDPR. So all companies operating in the UK which process personal data about EU citizens will be in scope for complying with the regulation.
Unlike the Data Protection Act, the controls under the GDPR will have an impact on both ‘controllers’ and ‘processors’ of personal data.
Again, we suggest utilising the ICO’s GDPR website for guidance on data controllers and processors HERE
The GDPR will introduce new rights for “data subjects” such as the Right to be Forgotten and the Right to Data Portability, these rights will need to be integrated into the operational controls administered by data processors and controllers.
The regulation will also introduce mandatory breach reporting to the ICO and the data subject. Administrative fines for “personal data breaches” under the GDPR will also be considerable in monetary value and up to a maximum of 4% group global turnover or 20 million Euros.
Latest Kindertons Group GDPR Updates