Robyn Banks, a data protection specialist from adavista.com, visited our BNI Central chapter to give a talk about GDPR and what businesses need to do to ensure their organisations achieve compliance.
The first step is AWARENESS: congratulations, you can tick that box as you are reading this post.
There will be new elements and significant enhancements: there are new accountability rules which require new documentation, and Privacy Notices will need to be amended.
Some aspects of data protection under the 1998 Act have been considered “best practice” or “implicit”, but under the GDPR these become legal requirements. For example, as it says in the 12 steps document: “A privacy by design and data minimisation approach has always been an implicit requirement of the data protection principles – However the GDPR will make this an express legal requirement”.
This, therefore, is the starting point for businesses. There can be no generic approach, so a generic training course is difficult to devise. Each organisation across the UK will need to assess its own policies and procedures to ensure they are “fit for purpose” to meet the new rules. Training courses will have to be specifically tailored.
Once we have ascertained where your compliance stands now, we can take matters forward and implement the additional documentation, policies and procedures that may be required under the new law.
Q. What is the GDPR?
The GDPR is an EU Regulation which is being brought into effect across Europe by May 2018. By the very nature of being a “Regulation” it will REPLACE the existing legislation.
Q. But what about the UK and “BREXIT”?
The UK Government announced in October 2016 that the GDPR would come into force in the UK on 25 May 2018, regardless of our status in the EU. The Information Commissioner’s Office (ICO, the UK regulatory authority on data protection) has been leading the way in pushing for reform of the existing legislation for a long time, and the UK Government has taken this into account and stated that reform will be re-researched once we have left the EU.
Q. I am being encouraged to prepare for this – what do I do?
The ICO are publishing guidance on their website over a period of time in the lead-up to May 2018. To this end they have published a “12 Steps” document that outlines the major changes, but we still await all the detail on what’s expected.
Q. Please tell us about your background and what makes you qualify to advise on GDPR?
I have been in the field for 16 years, 13 of those running my own business. The first three years were spent working with the Foreign Office as their “Data Protection / Freedom of Information Casework Officer and Trainer”, where I handled much casework, trained staff and worked with the author of the existing legislation on implementation. I regularly work with the ICO and they are aware of my work, but as a public authority they are not allowed to recommend anyone!
Q. How long does the process take to become GDPR compliant?
The process I follow takes about 8 hours or so of my time and about 1-2 hours of yours, plus one document preparation that we can discuss and that may be referred to a specialist to complete.
If you have any questions about GDPR, please get in touch with Robyn.