The requirements of the General Data Protection Regulation (GDPR) apply in each Member State of the European Union and aim to create more consistent protection of consumer and personal data across EU Member States. The GDPR was adopted at EU level in April 2016. It came into effect on the 25th of May 2018, replacing the Data Protection Act. Companies that fail to achieve GDPR compliance before the deadline may be subject to penalties and fines.
This subject is relevant to those responsible for processes involving personal data, including Human Resources Managers, Marketing Managers, IT Managers, Compliance Officers, Internal Auditors, and Administration Officers.
It is very important to get to grips with, and clearly understand, the processes and procedures that need to be in place in order to comply on an ongoing basis from May 2018. One should have good knowledge of:
- Data protection impact assessments.
- Data protection compliance audits.
- Selecting and negotiating with a service provider: contract clauses and security measures.
- Handling subject access requests and requests for rectification or erasure.
- Data breach detection and incident management.
- Managing data retention; archiving and record pseudonymisation.
- Maintaining a record of processing activities.
For more information one can refer to: https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en or contact the Office of the Information and Data Protection Commissioner.