A long-anticipated overhaul of the UK’s data protection laws has been proposed by the Department for Digital, Culture, Media & Sport. The proposed changes will give British citizens more control over personal data submitted for processing and will incorporate the directives of the EU’s forthcoming General Data Protection Regulation into UK law. Most organisations will already be compliant with the requirements of the UK’s 1998 Data Protection Act; however, the proposed changes will bring a host of new directives, along with new penalty fines. In February, only 54% of businesses surveyed by the Direct Marketing Association (DMA) expected to be compliant with the GDPR by the May 2018 deadline. We’ve highlighted some of the key features of the GDPR alongside strategies to ensure your organisation remains compliant:
New Right Of Access and Data Portability
Under the GDPR, data subjects can ask the Data Controller for a copy of any personal data being processed at any time. The Data Controller must supply them with a copy of the personal data, free of charge, in an electronic format. The data must come back to them in ‘a structured and commonly used and machine-readable format’. Our Online Document Storage and Cloud collaboration tools would make meeting this requirement simple and easy, as opposed to trawling through files.
Privacy by Design
The GDPR states that ‘The controller shall… implement appropriate technical and organisational measures… in an effective way… in order to meet the requirements of this Regulation and protect the rights of data subjects’. Privacy measures must demonstrably be a part of Data Controllers’ organisational structures. Our security services, such as Document Shredding, Managed Print Services and secure, online Document Storage – amongst many others – can help you build security into your operations, through tools such as password-encrypting files and PIN-required printing.
Right to be Forgotten
This new directive entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data and potentially have third parties halt processing of the data upon request. There are conditions surrounding data erasure but data controllers and processors are directed to comply ‘without undue delay.’ Our secure data disposal service securely disposes of digital and magnetic media, after which you receive a certificate of destruction.
Increased Territorial Scope
Unlike the DPA, the GDPR applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. If you’re situated abroad but handling an EU individual’s data, then online document management tools – such as Microsoft Exchange and our Document Storage service – will make it easy to comply with the new regulations, wherever you are in the world.
Data Protection Officers
The appointment of a DPO will be mandatory for ‘those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences’, i.e. for GP surgeries, estate agents and nursing homes. This individual ‘Must be provided with appropriate resources to carry out their tasks and maintain their expert knowledge’. Resources such as our Cloud Computing, Document Storage and Digital Communication services would allow your DPO to do their job easily and efficiently.