The current data protection system in practice in the UK, the Data Protection Act 1998, is soon to be replaced by the new EU GDPR – General Data Protection Regulation. It is a new framework for data protection laws in Europe.
It has been under discussion over the last four years, and it will finally come into force on May 25, 2018. GDPR was published in the EU Official Journal in May 2016, giving a two-year preparation period before it applies. Organisations have therefore had ample time to prepare themselves for the changes this new system will bring with it.
The Information Commissioner's Office (ICO) has made it mandatory for companies that collect EU citizens' data to comply with the new rules on protecting consumer data. GDPR is essentially a new standard for consumer rights, which will protect their data.
EU GDPR, after its implementation, will have different impacts on different organisations, depending on their existing data protection methods. Moreover, every company that stores data relating to EU citizens will have to follow a GDPR-compliant information security management system, irrespective of whether or not it operates a business within EU boundaries. If they are processing personal information about citizens of the EU, they will have to comply with GDPR. Companies that fall into the below-mentioned categories will be required to comply with GDPR.
The ICO has created a guide of 12 steps to prepare business entities for the start of this new data protection system.
Some of the steps laid down by the ICO include:
To assist small business entities in implementing GDPR procedures, a phone service will be created by the ICO. This service is slated to begin in November 2017.
One of the more interesting requirements set by GDPR is the appointment of a data protection officer (DPO). However, not all companies in the EU will be required to appoint a DPO. The person filling the post of DPO will hold responsibility for managing and supervising the data protection strategy. Moreover, they will also ensure that the strategy is implemented in line with the regulations and requirements of GDPR. You can read more about the requirement for appointing a DPO in this blog article.