General Data Protection Regulation: What does it mean for you?
Have you heard about the General Data Protection Regulation (GDPR)? GDPR is a European Union directive whose basic objective is to enforce stronger data security and privacy rules among organisations when it comes to protecting personal data. The law comes into effect in the UK in May 2018. Understanding the key elements, auditing and documenting all the information you currently store, and ensuring all your data collection and procedures are GDPR-compliant is going to be a lengthy process.
We would like to suggest that it’s now time for you to start thinking about this or to seek help from a third-party expert (such as a trusted partner or consultancy). Individuals and organisations will also need to ensure their security alert systems are equipped to spot and react to any break-ins quickly because, under the GDPR, data breaches will have to be reported within 72 hours.
So why is all of this so important? Failure to comply with the new law could lead to a huge fine, and the rules are quite clear that it is irrelevant who is responsible for the breach, whether an employee, a malicious attacker, or a partner or other third party; it will be the organisation that foots the bill and suffers any consequent reputational damage.
A very useful document about the GDPR, called “Preparing for the General Data Protection Regulation (GDPR) – 12 steps to take now”, can be found at http://bit.ly/2Ai3xRS. Alternatively, you could contact the Information Commissioner’s Office in Cardiff on 029 2067 8399 or wales@ico.org.uk for advice.
Children in Wales will be starting its data audit in January 2018 and will be circulating a survey for you and your colleagues to complete. Please look out for this email!
If you need any further information, please do get in touch with us at membership@childreninwales.org.uk.