Wednesday 9 May 2018

General Data Protection Regulation (GDPR)


The new regulation in EU law on data protection and privacy will come into force on 25th May 2018.


You may be aware of the changes involved through the recent Facebook Cambridge Analytica scandal and the updates Facebook is making to comply with the new EU law. In the UK, the regulation replaces the previous 1995 data protection directive; since then the digital world has boomed, and the European Parliament has introduced the update to keep pace with ever-improving modern technology. In real terms, the regulation determines how our data can be gathered, used, and destroyed on request. Everything from your smart watch to your employer collects data on you, and the regulation has been created to protect people from that data being used without their permission or getting into the wrong hands. Digital searchable data falls under the “right to erasure”, commonly called the right to be forgotten, but even paper documents must be labelled and filed accurately so that a person can request that all data on them be securely destroyed, unless it is required to be kept by law, such as for banks, or for archiving purposes such as historical and scientific data.

Whilst the regulation primarily focuses on digital data, physical paper documents require equal amounts of protection and security to prevent a data breach. Only staff who work with the data should be able to see or access it, and all files should be kept in secure lockable units or filing cabinets. Communicating the changes to staff is important so they understand their accountability and their rights to access certain data.

Data on the move is another area which requires additional attention: an unsecured USB drive, backup CD or even paper files can easily be left on desks, fall out of bags or pockets, or generally be misplaced. It is vital that all documents that fall under the regulation are looked after with care and attention to ensure their safety.

Data requests between companies must also be treated with care and confidentiality. If data about an individual is to be sent, the person must first be asked for permission for their data to be shared; then the receiving party must explain why they want the information, what it will be used for, and the measures they will take to protect and then destroy it.

Any company that fails to comply with the new regulation can be fined up to €20 million or 4% of its total worldwide annual turnover, depending on the nature and gravity of the infringement. For any business, big or small, such a fine could be devastating.

Here at Scott Anson we already have strong data protection for both our operatives and clients; however, to comply with the new legislation we have implemented a few small changes to our policies and procedures so that we can be confident that all data is safe and secure.
