With less than 2 weeks to go to the Referendum, some businesses would be forgiven for soft-pedalling on getting ready for the new General Data Protection Regulation (GDPR), which is due to come into force in May 2018.
However, arguably, the Data Protection regime in the UK is due for an overhaul in any event, and it would be a mistake to assume that doing nothing by way of preparation is an option.
The Information Commissioner’s Office has recently produced a short, accessible booklet, “Preparing for the General Data Protection Regulation”. This identifies 12 key steps, essentially the need to develop a strategy and to audit the data and data sharing regime which businesses currently have.
Whatever privacy notices are in place, and irrespective of the outcome of the Referendum and forthcoming changes, it’s always a good idea to review the privacy notices on a regular basis, and an audit now against compliance with the GDPR will be informative.
Again, with regard to individuals’ rights and subject access requests, now would be a good time to audit current processes and data. It might be useful to do some general housekeeping with regard to deleting personal data. Review the Information Commissioner’s Guide and think about subject access requests and how you would handle these in the future.
There is never a bad time to review data breaches or what can be done to prevent data loss. Even if a requirement to have a Data Protection Officer does not currently exist and will not exist for all organisations post May 2018, someone should have overall responsibility for compliance in your organisation.
Brexit or no Brexit, now is a good time to take a long hard look at your current Data Protection compliance and to consider the change ahead. Whatever happens, the current Data Protection regime will be changing.