We've created a knowledge bank of the information you need to know regarding GDPR, including external links to websites to ensure you're all clued up in time.
What's it all about?
The General Data Protection Regulation (GDPR) will come into force on 25th May 2018 with the aim of protecting and empowering all EU citizens' data privacy and reshaping the way organizations across the region approach data privacy.
As well as being compliant with the requirements around the storage and handling of personal data, it’s vital that your firm are clearly able to evidence this.
The Information Commissioner's Office (ICO) has created a "Guide to the GDPR" explaining the provisions of the GDPR to help organisations comply with its requirements.
This is a living online document that the ICO plan to expand in key areas. It includes links to relevant sections of the GDPR itself, to other ICO guidance and to guidance produced by the EU’s Article 29 Working Party.
Click the section titles below for more information:
Every month the ICO will provide updates highlighting and linking to what’s new in their guide to the GDPR.
Take a look below to see what's new this year.
February 2018
The ICO has updated the page on 'Children' to include the guide-level content from the detailed guidance on 'Children' and the GDPR, which is out for public consultation.
January 2018
Published more detailed guidance on documentation.
Expanded on the page on personal data breaches.
We have also added four new pages in the lawful basis section, covering contract, legal obligation, vital interests and public task.
Personal data
Meaning any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people. The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data. Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
The ICO has now launched a dedicated advice line offering help to small organisations preparing for the new data protection law, including the General Data Protection Regulation.
The phone service is aimed at people running small businesses or charities. To access the new service dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support.
As well as advice on preparing for the General Data Protection Regulation, callers can also ask questions about current data protection rules and other legislation regulated by the ICO including electronic marketing and Freedom of Information.
The ICO has produced a guide detailing the 12 steps you should take now to abide by the upcoming GDPR.
Below is a summary of the steps; for full details, download the guide here.
01 Awareness
02 Individuals’ rights
03 Data breaches
04 Communicating privacy information
05 Information you hold
06 Subject access requests
07 Children
08 Lawful basis for processing personal data
09 International
10 Data Protection Officers
11 Consent
12 Data Protection by Design and Data Protection Impact Assessments
The ICO have produced checklists to help your firm get ready for the new regulations.
Before undertaking their self-assessment checklist, you should first determine whether your organisation processes personal data as a “data controller” or “data processor”.
Not sure of the definition of these two terms? Click here.
Data processors
This checklist is designed to help you understand and assess your high-level compliance with data protection legislation.
Data controllers
This checklist is designed to help you assess your high-level compliance with data protection legislation.
Bankhall have produced a collection of 3 pre-recorded webinars, designed to provide a succinct overview on the following areas of GDPR: