This week we consider personal data breaches and the procedural steps your organisation can take now to deal with the new reporting requirements under the GDPR.
We continue our countdown to 25 May 2018, when the GDPR will come into force, with the second instalment of this blog series.
What is it?
On 25 May 2018 the European General Data Protection Regulation (GDPR) will come into force across the EU. This means that the greatest shake-up of data protection laws in Europe will be applicable in the United Kingdom in a mere twelve weeks’ time. Don’t despair – there is still time left to prepare for the impact that the GDPR will have on your business or organisation. In this first of our twelve “final countdown” blog posts leading up to 25 May, we will provide some guidance on what practical steps you can take to ensure your business is GDPR compliant.
The General Data Protection Regulation (or GDPR), which comes into effect on 25 May 2018, is an EU Regulation on the protection of natural persons with regard to the processing of personal data. But what is personal data? You would think it an easy question to answer, but perhaps not: the European Commission has now put together a set of FAQs on the reform of EU data protection rules, in order to provide further clarity on what is considered to be personal data.
This year will be dominated by the implementation of the General Data Protection Regulation (GDPR) which comes into force on 25th May 2018 and will be the biggest overhaul in European data protection law in almost three decades. Much focus has been on how these changes give enhanced rights to data subjects and how this will impact upon businesses. Currently, the German Cartel Office (Bundeskartellamt) are conducting an investigation which considers Facebook’s collection of personal data from users to be a breach of EU competition law. This is one of a series of investigations across the EU which consider the interaction between data protection and competition law.
The GDPR is the new EU data protection law which will come into effect on 25 May 2018. This will apply in the UK despite Brexit because of the UK Data Protection Bill which is currently working its way through Parliament.
In December 2017, the Article 29 Working Party (WP29) published detailed draft guidelines on consent under the General Data Protection Regulation (GDPR). The guidance, which is currently open for consultation until 23 January 2018, provides an analysis of the concept of consent, together with guidance for organisations on the requirements to (i) obtain; (ii) demonstrate and (iii) maintain valid consent under the GDPR. The UK ICO issued its own draft guidance on consent earlier last year.