Getting ready for the GDPR


For organisations:

Data protection law is changing on 25 May 2018 and organisations need to be ready for the General Data Protection Regulation (GDPR).

The Information Commissioner’s Office (ICO) has produced a package of tools and resources to help you get ready.

The Guide to the GDPR explains the provisions of the GDPR to help organisations comply with its requirements. It is for those who have day-to-day responsibility for data protection.

This is a living document and the ICO is working to expand it in key areas. It includes links to relevant sections of the GDPR itself, to other ICO guidance and to guidance produced by the EU’s Article 29 Working Party. The Working Party includes representatives of the data protection authorities from each EU member state, and the ICO is the UK’s representative.

Alongside the Guide to the GDPR, the ICO has produced a number of tools to help organisations prepare for the GDPR:

GDPR: 12 Steps to take now

Getting ready for GDPR – Checklist

Who does the GDPR apply to?

The GDPR applies to ‘controllers’ and ‘processors’.

A controller determines the purposes and means of processing personal data. A processor is responsible for processing personal data on behalf of a controller.

If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.

However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.

The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.

Source: ICO