This explains the relationship between the Bill and the GDPR, detailing the additional areas the proposed new legislation covers. It also includes links to the ICO’s GDPR and Law Enforcement pages and to a Data Protection Bill fact sheet.
When the General Data Protection Regulation (GDPR) comes into effect next year, there will no longer be a requirement to notify the Information Commissioner’s Office (ICO) as there is now.
There is a provision in the Digital Economy Act which means it will remain a legal requirement for data controllers to pay the ICO a data protection fee. These fees will be used to fund the ICO’s data protection work. As now, any money the ICO receives in fines will be passed directly back to the Government.
The new system will aim to make sure the fees are fair and reflect the relative risk of the organisation’s processing of personal data. The size of the data protection fee will still be based on the organisation’s size and turnover and will also take into account the amount of personal data it is processing. The final fees will be approved by Parliament before being put into place.
The rules on data protection are changing. If you want to find out more, Rob from Crimson Crab will be talking to Miles Hensen on 93.7 Express FM’s Business Programme at 7pm on Thursday 29th June 2017.
From a compliance perspective, your clients are entitled to know the details of the legal entity that they are dealing with, especially if a business or trading name is being used. If the legal trading entity is a registered body, there are some very specific disclosure requirements.
The information must appear in business letters and electronic equivalents, including emails. To give you peace of mind, we can check your letterheads for compliance.
Yes, it’s really important to get your house in order, ready for the new legislation.
You will need to get to grips with the new rights of individuals, handling subject access requests, consent, data breaches, and maybe even designating a data protection officer.
There is a responsibility to demonstrate compliance and so documenting what personal data you hold, where it came from and who you share it with is an absolute must.
The important thing is to make sure that someone in your organisation takes proper responsibility for data protection compliance in good time and has the knowledge, support and authority to do so effectively.