Preparing for the General Data Protection Regulation (GDPR)

We have created a knowledge bank of the information you need to know about the GDPR, including links to external websites, so that you are fully clued up in time.

What's it all about?


The General Data Protection Regulation (GDPR) comes into force on 25th May 2018, with the aim of protecting the data privacy of all EU citizens and reshaping the way organisations across the region approach data privacy.


As well as complying with the requirements on the storage and handling of personal data, it is vital that your firm is able to clearly evidence that compliance: under the GDPR's accountability principle, being compliant is not enough on its own, you must also be able to demonstrate it.

ICO's "Guide to the GDPR"

The Information Commissioner's Office (ICO) has created a "Guide to the GDPR" explaining the provisions of the GDPR to help organisations comply with its requirements.


This is a living online document that the ICO plans to expand in key areas. It includes links to relevant sections of the GDPR itself, to other ICO guidance and to guidance produced by the EU's Article 29 Working Party.


Updates to GDPR Guide

Every month the ICO provides updates highlighting and linking to what is new in its Guide to the GDPR.

Take a look below to see what is new this year.

February 2018


The ICO has updated the page on 'Children' to include the guide-level content from its detailed guidance on 'Children and the GDPR', which is out for public consultation.

January 2018


The ICO published more detailed guidance on documentation.

The page on personal data breaches was expanded.

The ICO has also added four new pages to the lawful basis section, covering contract, legal obligation, vital interests and public task.

What information does the GDPR apply to?

Personal data

Personal data means any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.

This definition allows a wide range of personal identifiers to constitute personal data, including a name, identification number, location data or online identifier, reflecting changes in technology and in the way organisations collect information about people.

The GDPR applies both to automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.

Personal data that has been pseudonymised (e.g. key-coded) can fall within the scope of the GDPR, depending on how difficult it is to attribute the pseudonym to a particular individual.

Small businesses

The ICO has now launched a dedicated advice line offering help to small organisations preparing for the new data protection law, including the General Data Protection Regulation.


The phone service is aimed at people running small businesses or charities. To access the new service, dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support.


As well as advice on preparing for the General Data Protection Regulation, callers can also ask questions about the current data protection rules and other legislation regulated by the ICO, including electronic marketing and Freedom of Information.

12 steps to take now

The ICO has produced a guide detailing the 12 steps you should take now to prepare for the upcoming GDPR.

Below is a summary of the steps; for full details, download the guide here.

01  Awareness
02  Individuals' rights
03  Data breaches
04  Communicating privacy information
05  Information you hold
06  Subject access requests
07  Children
08  Lawful basis for processing personal data
09  International
10  Data Protection Officers
11  Consent
12  Data Protection by Design and Data Protection Impact Assessments

Checklists

The ICO has produced checklists to help your firm get ready for the new regulation.


Before undertaking the ICO's self-assessment checklists, you should first determine whether your organisation processes personal data as a "data controller" or a "data processor". A controller decides the purposes and means of the processing; a processor processes personal data on a controller's behalf, and the same firm can be both for different activities.

If you are not sure of the definition of these two terms, click here.

Data processors

This checklist is designed to help you understand and assess your high-level compliance with data protection legislation as a processor.

Data controllers

This checklist is designed to help you assess your high-level compliance with data protection legislation as a controller.


Videos

Bankhall has produced a collection of three pre-recorded webinars, designed to provide a succinct overview of the following areas of the GDPR:


  • Who does the new legislation apply to?
  • Key areas to consider
  • Lawful basis for processing
  • Individual rights
  • Accountability and governance
  • Breach notification
  • Marketing and consent
  • FAQs