Things you should know
It is the biggest change in UK data privacy law for 20 years. The General Data Protection Regulation replaces the Data Protection Directive to provide transparency and clarity regarding the law for data privacy and security. All companies are required to review and update their processes for managing and sharing personal data ahead of the enforcement date on 25th May 2018. Following this deadline, accountability will fall to organisations to protect personal information and act appropriately if something goes wrong.
In line with the changes enforced, companies will provide easier access to personal information, and ensure that information is accurate, up to date and well managed. Customers will have control of how they want to be contacted and companies will update privacy processes accordingly to reflect these changes.
What exactly is changing?
- Personal Data has been extended to take into consideration technology developments, and now even includes online identifiers such as IP addresses.
- A Data Protection Officer has responsibility for ensuring data protection and privacy compliance within an organisation.
- There have been changes to the way organisations seek, record and manage consent for marketing preferences: requests for consent should be clear, with an active opt-in consent box.
- Data subjects have the right to access data held about them. Subject requests for access to information must be responded to within 1 month and the personal data should be shared free of charge.
- A notifiable breach must be reported to data subjects/ICO within 72 hours of awareness.
- Data subjects have enhanced rights under the GDPR, including the right to be forgotten, where they can request that their information be erased and forgotten.
A full description of the changes is detailed here.
NSSL prepare for GDPR regulation change - Our GDPR approach
Newcastle Strategic Solutions has implemented a plan to protect the security of our customers' data. We have undertaken a significant review of our processes to ensure we meet the GDPR's requirements. A Group-wide GDPR project was launched in early 2017, with dedicated work streams initiated to ensure our organisation and the outsourced savings services we provide to our clients meet the incoming GDPR requirements. In readiness for 25th May 2018 we are consistently engaging with our clients and suppliers to enhance our systems and processes in line with our roadmap. These changes will ensure we have a robust data protection programme in place that is embedded within our organisation. This will enable us to demonstrate our compliance with the new requirements under the GDPR and, in particular, the new "accountability principle", which requires organisations to evidence how they comply with the GDPR requirements. We continue to implement our roadmap, ensuring both existing and prospective clients benefit from the positive changes we are making.
Ray Orife, Data Protection Officer at Newcastle Strategic Solutions, said: "The incoming General Data Protection Regulation represents a significant shift in the data protection landscape. With enhanced rights for data subjects, the introduction of the 'accountability principle' and a drastically increased level of fines, it is imperative that we offer a savings management service underpinned by data protection and privacy compliance.
"As an outsourcing provider to a variety of clients in a heavily regulated sector, we realise the importance of offering a robust and compliant service. We are therefore working diligently to ensure that the changes we make enable our clients to meet their information rights obligations which will allow them to thrive in this new privacy landscape."