The General Data Protection Regulation and Data Protection Act 2018 replace the Data Protection Act 1998. The regulation and act regulate the way we handle and process personal data that we hold.
New rules have been brought in which mean:-
- enhanced rights for individuals are introduced such as right to erasure
- new documenting procedures - we will have to be much more open with our customers about what we do with their information
- we will need to ensure that we only use the minimum amount of information to get the job done
- strengthening our rules for deleting and removing data
- notifying the Information Commissioner's Office of certain breaches within 72 hours (and increased fines apply)
- dealing with Subject Access Requests within one calendar month
- appointing a data protection officer with responsibility for compliance
For more information visit the Information Commissioner’s Office website.