You may have heard a lot in the news recently about data protection and the GDPR. There have also been some really highly profile stories concerning big global companies and how they use our personal data. So what is GDPR all about?
GDPR is European legislation that places a stronger obligation upon organisations like ours to ensure your personal data is processed fairly and securely. GDPR strengthens your individual data rights introduced by the Data Protection Act in 1998, and its coming into force on 25th May 2018, but what else will it mean for you?
Access to your data
GDPR means that you will have much greater access to the information that any organisation holds on you. You already have the right to request your personal data under the Data Protection Act 1998, by making what is called a Subject Access Request. GDPR now strengthens this right and means an organisation must provide your information free of charge and within a shorter period of time. You can also request that any information held about you that is not accurate is rectified. In fact GDPR also introduces a very important ‘right to be forgotten’, this means that you can demand that an organisation deletes any data it holds about you if it is no longer necessary for them to hold it.
Processing your personal information
Organisations must also ensure that any personal data that they process for which they have not obtained specific consent is processed legally. GDPR means that any organisation that processes your data must be open and transparent and clearly explain to you how they collect your personal data, what they use it for, and the ways in which they process it.
We have provided details of how we use and look after the data that we collect, this is called a Fair Processing Notice and you can find it inside the The Southsider Spring 2018. We’ll also be providing all of our new customers with a copy. This document outlines:
- The type of information that we collect.
- Why we collect it and how we use it.
- Who we may share it with and why.
- How we securely store it.
Ensuring your information is held securely
GDPR also introduces a greater obligation upon organisations to ensure that they have put in place reasonable measures to ensure that your information is held securely, and to protect against the loss of your data or other breaches of data security. Our Fair Processing Notice also outlines the steps that we take to ensure personal data is handled securely.
We will continue to provide more information about GDPR through our social media channels, and please feel free to contact us if you would like to discuss any aspect of GDPR or how we handle personal data.
You can also find out more in-depth information about data protection at the Information Commissioner Office website at https://ico.org.uk/for-the-public/