150 likes | 162 Views
General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams. Hillyer McKeown LLP. Commercial Law Firm Chester, North Wales, Wirral, Liverpool Over 100 staff Diverse UK-wide client base Legal 500.
E N D
General Data Protection RegulationsPreparing for the upcoming changes in data protection lawDavid Jones & Angharad Williams
Hillyer McKeown LLP Commercial Law Firm Chester, North Wales, Wirral, Liverpool Over 100 staff Diverse UK-wide client base Legal 500 The team have been praised for the “first-class clarity and quality” of their advice.
What are the GDPR? Replace current EU legislation on the processing and handling of data (including the Data Protection Act 1998) Effective from 25thMay 2018 Aim to harmonise and strengthen the data rights of EU citizens Will apply to all EU member states, including the U.K. The changesintroduced substantially increase the responsibility of the data controllers and processors regarding the handling of individuals’ personal data.
Why are the GDPR important?Five key changes: Stricter rules on consent Enhanced rights for data subjects Accountability measures increased Data breach notifications Fines
Case Examples GDPR is high profile following a number of recent data breaches:- • NHS • Equifax
Legitimate grounds for processing Contractual necessity Legitimate interests Compliance with a legal obligation Protection of vital interests Public Interest / Official Authority Consent
How do you ensure compliance? Raise awareness of GDPR Discuss the potential impact of GDPR at board level and throughout the business. Roles and responsibilities Find out who is accountable for the day to day control of collecting, storing and processing any personal data. Appoint a data protection officer (DPO) and supporting team Appoint a DPO and representatives from responsible departments to coordinate the organisational changes needed to comply with the new law.
How do you ensure compliance? Data Protection Impact Assessment (DPIA) for personal data Perform a risk assessment for each department, including the lawful basis for handling someone’s data. Review consent Define how you seek, record and manage consent for collecting, storing and processing types of personal data. Audit trail Review the processes and mechanisms in place to ensure security, accountability and transparency.
How do you ensure compliance? Review legal documentation Update individuals’ rights and privacy information such as privacy notices to make compliant with the new law. Subject access requests Define how your business plans to handle quests from people to access their data according to the new GDPR. Update policies and procedures with third parties Is the data you hold shared outside your organisation? If so, who?How? Where?
How do you ensure compliance? • Testing and review ready for 25thMay 2018 • Complete final staff training on updates to new policies, processes and procedures for aspect of personal data management. • Review and test personal data handling across the business, within departments and for key individuals who have responsibility for data. • Plan for ongoing GDPR compliance via comprehensive auditing and reporting. Ensure accurate, compliant and transparent data management.
Don’t panic! 5 steps to ensure compliance Start the discussion and gather information Decide who will be responsible (consider DPOs) Training and Policies Evidence and Accountability Preparing for potential breaches
Five key questions businesses should be asking themselves now Where do we currently store personal data, and is it secure? Who has control of personal data at present? What authority do we have to use and process personal data? What are the current IT systems and processes relating to the data we hold? Is there a process of erasure? Is the data we hold shared with any external contactsor third parties, and it is shared anywhere outside the European Economic Area (EEA)?
Contact Details David Jones Tel: (0151) 666 0747 Email: dbj@law.uk.com Angharad Williams Tel: (01244) 357 284 Email: aww@law.uk.com