Getting ready for GDPR
Post date: 11/04/2018 | Time to read article: 1 minsThe information within this article was correct at the time of publishing. Last updated 15/03/2019
What is General Data Protection Regulation?
The General Data Protection Regulation (GDPR) is a new European Union (EU) law relating to the protection of personal data in the EU.
The GDPR will affect how organisations process personal data, which for us includes information about members, colleagues and third parties.
When will the GDPR come into force?
The current Data Protection Act 1998 will be superseded by the GDPR, along with the forthcoming Data Protection Act 2018 (currently in draft Bill form and subject to further Parliamentary debate), on 25 May 2018.
Who does GDPR apply to?
The GDPR applies to all individuals and organisations who process personal data in the EU, and has been written to reflect the increasingly digital climate in which organisations now operate.
What does the GDPR mean for my membership?
The GDPR, together with the forthcoming Data Protection Act 2018 (DPA 2018), aim to enhance the UK’s current data protection rules by introducing certain additional data protection obligations on organisations, increasing rights for individuals and allowing them more control over their own personal data.
MPS is committed to fulfilling its legal obligations in respect of the personal data we process, including those imposed by the GDPR and the DPA 2018. We will be providing greater detail on how we process personal data and the rights that individuals have in respect of it, as part of our readiness preparation.
Our GDPR plan
We remain committed to fulfilling our legal obligations in respect of the personal data we process, including those obligations imposed by the GDPR and the DPA 2018. We have been, and remain, very active in our readiness preparations. Amongst other things, we are taking steps to:
- educate the organisation about GDPR, the DPA 2018 and their requirements
- update our documented data protection procedures where appropriate, including those in relation to data subject access requests
- appoint a data protection officer
- review our data protection governance and reporting structures.
Like many companies, we've been following and reacting to guidance issued by the Information Commissioner’s Office (ICO) and EU’s Article 29 Working Party. We continue to review this guidance as it becomes available and will adjust our readiness preparations if appropriate.
What should I be doing?…
Read our blog on subject access requests.