GDPR Countdown Week 11: Data Protection Basics
With 11 weeks now to go until GDPR becomes law, this is our second short piece on the most important aspects of GDPR.
Data Protection Basics
A lot is now being written about GDPR, some of which appears daunting. It is important that employers remember that GDPR is more evolution than revolution in data compliance. GDPR becomes enforceable from 25 May 2018. Many of the basics are going to be the same as they are under current data protection legislation. In particular:
- Personal Data – effectively the same as currently.
- Sensitive personal Data – will be called “special categories of personal data” but effectively the same.
- Data retention periods – employers’ obligations will remain effectively the same.
- Data security – again, effectively the same
There are also some very important changes which will apply from 25 May 2018 and we will cover these in our weekly GDPR bulletins between now and 25 May. Importantly though employers need to recognise that GDPR is likely to bring a heightened awareness of data protection rights, will add significantly to powers of the Information Commissioner’s Office (“ICO”) to award financial penalties and will increase the potential for employers to face more litigation from employees who believe that their personal data is being mishandled.
Getting the basics right is crucial; be clear what personal data you are collecting and why; tell your employees what you are doing and why; be satisfied that you are entitled to collect that data; treat it with respect – don’t disclose it to third parties unless you need to, keep it secure and don’t keep it longer than you need to. All employers should already be taking these basic compliance steps.
The ICO has stated in relation to GDPR. “Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act, so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from.”
In other words, if you are already complying with the current data protection basics, you are a long way towards ensuring compliance with GDPR.
If this raises any questions, please speak to your normal Weightmans contact or Mark Leach, Partner (firstname.lastname@example.org).