General Data Protection Regulation (GDPR) Update

We recently published an update regarding the new regulations surrounding the handling of personal data. It included a link to the Information Commissioner’s Data Protection Self-Assessment Toolkit, which should help you to prepare your club for GDPR compliance, prior to the date of implementation on 25th May 2018. Since then there has been some debate surrounding the interpretation of the guidance and some of the most popular considered below. The fact that the UK is leaving the EU will not prevent the introduction of the GDPR. It is highly likely that some if not all the new regulations will be incorporated into UK legislation probably by amendment to the Data Protection Act 1998 (DPA) or by the introduction of new UK legislation. You will only have to appoint a Data Protection Officer (DPO) if you carry out the ‘large scale’ regular and systematic monitoring of individuals or process sensitive personal data. SMEs (i.e. businesses with less than 250 employees) will be exempt, from appointing DPO where data processing is not their core business activity. If you do not store your own data, if it is on the cloud for example, then you are equally liable along with your service provider to comply with GDPR, therefore you need to be talking with anyone who stores your data to ensure they are working towards compliance. With regard to the security of the data, there is very little exact guidance, only that ‘appropriate’ and ‘state of the art’ protection be employed. This may be vague on purpose, as technology ‘evolves’ and it may, ultimately, be up to the courts to decide what is “state of the art” at the time a data breach occurs. The guidance does make clear that if the data has been sufficiently encrypted, to make it unusable to unauthorised access, then this will be a significant step in ensuring compliance. Encryption alone will not ensure compliance but will mitigate against the risk of fines following a data breach and remove the necessity to notify the individuals affected. Further information on how you can prepare your club for  GDPR compliance is available from the ICO through their Data Protection Self-Assessment Toolkit.
This is member only content

Please LOGIN to read the full article.

Not a member? Please click here to join today.

More from Industry