GDPR comes into force on 25th May 2018
Hardly headline news. Unless you have been living on the moon for the past three months you will be aware that the new data protection regime GDPR comes into force on 25th May 2018.
Here are the latest GDPR developments you need to know:-
1. New guidance has been published by ACAS on the new data protection provisions of the GDPR.
The guide covers the following:-
· What is GDPR?
· Who does GDPR apply to?
· What is personal data?
· Monitoring employees
· How long can information be kept?
· How can employers comply with the regulation?
· A worker’s right to request their personal data
There is also a link to the Information Commissioner’s Office 12 step checklist.
2. On 14 May 2018, the Information Commissioner’s Office (ICO) published detailed guidance on data protection impact assessments (DPIAs)
The guidance emphasises the importance of DPIAs as part of the “data protection by design and default” approach. They should be viewed as “living” documents that are reviewed regularly. The guidance also includes a DPIA awareness checklist for organisations to use when deciding whether it is necessary to undertake a DPIA.
3. On 9 May 2018, the ICO published the final version of its guidance on consent.
The guidance considers:
· The differences between consent under the Data Protection Act 1998 (DPA 1998) and under the GDPR and Data Protection Bill 2017-19.
· Why consent is important.
· When consent is appropriate.
· What is valid consent.
· How should consent be obtained, recorded and managed.
The ICO’s guidance is intended to sit with Guide to the GDPR and provide further detail on consent and when it should be relied on as a lawful basis for processing personal data.
Source: ICO Guide to Consent