Who is affected?
General question for all organisations
Who does the General Data Protection Regulation (GDPR) affect?
The new data protection law (GDPR) will impact every organisation that holds or uses European personal data. It applies not only to organisations located within the EU, but also to organisations located outside of the EU. To help explain this further, please read our articles on “GDPR are you ready?” and “How does Brexit affect our data protection requirements?”.
Why is the General Data Protection Regulation (GDPR) important to me?
Have you ever thought about how your business would operate if you could not keep your customers’ information? From 25th May 2018, collecting and storing your customers’ information without consent could incur a fine! Do you want to find out how to ready yourself for the GDPR? Then please read our articles to help you understand more.
Who is “responsible” for complying with the General Data Protection Regulation (GDPR) within your organisation?
Whether you are a small business, charity, school or other organisation, you have a responsibility to train all your staff in data protection and the GDPR. Let us help you ready your organisation by subscribing to our be.privacy and be.GDPR products.
Do you know if the General Data Protection Regulation (GDPR) comes into effect instantly? What happens if someone is breached early in May 18: are they fined under the Data Protection Act (DPA) or the GDPR when it is eventually brought to light?
The regulation is live now; it will be enforced after 25th May 2018. Preparing for the GDPR now will help you understand what you need to do in case of a breach. be.Infoready. Subscribe to the be.privacy and be.GDPR products.
How long can I keep my client information?
The data protection law on “retention” is largely unchanged, but the new GDPR law will require you to retain data based on your usage and specific consent from the client. To find out more, read our article on “Consent”, and to help you get the “big” picture, subscribe to the be.privacy and be.GDPR products.
Will we have to review our Data Protection Policy?
Yes! All organisations will be required to review their data protection policies under the new GDPR regulation and the UK changes to data protection law.
Do we need to appoint a Data Protection Officer?
If your organisation has more than 250 employees then yes, you will have to appoint a Data Protection Officer (DPO). But it is advisable to appoint somebody to hold responsibility for your data compliance.
Do we need to train our staff?
Training is vital in raising awareness with your staff, who are always your greatest asset and the core of any good business. A strong data protection defence gives them the information and guidance they need to help protect your organisation.
Are we “data controllers” or “data processors”?
“Does your organisation process personal data?” “Is your organisation the data controller or processor?”
If your organisation keeps or processes any information about living people, you are a data controller. If you process personal data, but do not have responsibility over that personal data, then you are simply a data processor. However, the laws are changing and both controllers and processors need to be aware of the upcoming changes to the law. Are you be.Infoready?
Is GDPR or Data Protection an IT issue?
It’s not! But IT tools can help mitigate some of the factors within the regulation.
For instance, encryption can help protect against loss of data and firewalls can help secure external access to your network, but approaching the GDPR generically as an IT problem risks misrepresenting the requirements of the regulation.
Schools and charities
Do you perform direct marketing and fundraising?
Then you will need to make adjustments to how you perform these marketing activities to comply with the GDPR. Consent will have to be sought from the individual person for processing their information for a specific purpose. To find out more, read our article on “Consent”, and to help you get the “big” picture, subscribe to the be.privacy and be.GDPR products.
Will our school have to review its Data Protection Policy?
Yes! All organisations will be required to review their data protection policies under the new GDPR regulation. Policies intended to be read by children will need particularly careful revision, using clear and plain language. Further clarification can be found in the be.GDPR product.
Does our school need to appoint a Data Protection Officer (DPO)?
Public authorities, which include maintained schools and academies, will need to appoint a DPO. Independent schools are strongly advised to appoint a DPO to help deal with existing data protection law and the upcoming GDPR. To help you ascertain what you need to do, please subscribe to the be.privacy and be.GDPR products.
Does our school need to train all its staff in data protection?
Schools will continue to be subject to an obligation to take steps to keep personal, and especially sensitive, data secure, and staff data protection training will continue to be expected under the GDPR and new data protection law. For schools this is a legal and compliance obligation and should be part of the school’s safeguarding policies and procedures.