The General Data Protection Regulation, or GDPR, is coming into effect in May 2018 and replaces the current Data Protection Act. It’s been 25 years since data protection legislation was written and the laws were in need of an overhaul. However, companies need to be prepared to comply with the new laws or face fines. A lot of work needs to get done in a year’s time, so it’s best to get started right away.
Customers Need Access to Their Own Data
No longer can a customer’s personal information be withheld from them when they ask for it. A company now has to give customers access to their own data and let them view what has been done with their personal information. This is now a right afforded to private persons who have supplied their personal information to a company. It’s known as a subject access request, and a company must comply with such a request or face a fine.
Get Clear Consent From Customers to Use Their Personal Data
Retaining Use Records
Companies aren’t barred from doing anything with personal data. But they must keep records of everything done with that information. Article 30, Records of Processing Activities, governs how a company must keep track of what happens with customer data. Tracking information has to include who moved the data, why it was moved, and contact information of those who initiated the change. It is a lot of information to track, but software automates most of the process and reduces the amount of effort needed.
These are some of the things a company needs to know for the upcoming shift to the GDPR. Private citizens are gaining more rights and companies have to respect those rights or face the consequences.