General Data Protection Act Update
As of 25 May 2018, new legislation will come into force which supersedes the Data Protection Act: the General Data Protection Regulation (GDPR).
Despite the result of the 2016 referendum, this new legislation is still required to be implemented in the UK. The Information Commissioner’s Office (ICO) has released a preparation guide to support organisations in preparing for the GDPR.
About GDPR
The initial good news is that the ICO will abolish the annual registration fee. The GDPR follows on from the Data Protection Act (DPA), maintaining many of the main concepts and principles. The ICO states: ‘If you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR’.
The GDPR introduces eye-watering tiered fines for Data Controllers found to be falling short of the required standards set out in the GDPR. These new fines aim to punish and not just deter.
Tier 1 shortfalls lead to fines of up to 2% of annual turnover or 10 million euros, whichever is the greater
Tier 2 shortfalls lead to fines of up to 4% of annual turnover or 20 million euros, whichever is the greater
Individuals’ Rights under GDPR
Individuals have rights in relation to:
Being Informed
Access
Rectification
Erasure
Restrict Processing
Data Portability
Object
Automated Decision Making and Profiling
Differences between DPA and GDPR.