The date for your diary is 25 May 2018. The topic is General Data Protection Regulation’s (GDPR). This new legislation will apply to all businesses which collect personal data. The first key transparency requirement under the GDPR is the right to be informed.
Under GDPR a company must communicate the following information in clear and plain language to the individual when their data is being collected or if it is collected through another source, within a reasonable period:
- Name and contact details of your company
- Your purpose and lawful basis to collect and process data
- What type of data you collect
- How you collect and store data securely
- How long data is retained
- If applicable, details of any data transferred to any third countries or international organisations
- How individuals can view their information you hold and how they can remove their information
If you are a public body, large data processor, or if your company collects personal data from a source on an individual’s behalf there is additional information you must provide. For this information or if you are worried about the upcoming GDPR regulations you can access many free resources at www.ico.org.uk.
Jenn McArthur, Data Protection officer at STEP