February 26, 2018 Flourishing Lives 1 comment

The General Data Protection Regulation (GDPR) is Coming Our Way - Are You Ready?


From the 25th of May the current Data Protection Act (DPA) will be replaced with the General Data Protection Regulation (GDPR). The GDPR is intended to revise data protection legislation, and everyone, including charities, will have to meet these new standards.

Whilst much of the legislation from the DPA will remain, GDPR looks to reinforce certain elements. The key changes from the DPA include:

  • Evidencing compliance: the most significant change from the previous regulations is evidencing compliance. The new GDPR requires that it is shown how all processes around data have been considered and recorded. That means keeping a record of what you are doing and when. 
  • Individual rights: previously, individuals were able to ask to see all data an organisation held about them, and ask for any inaccuracies to be corrected. This process incurred a fee. Now it’s free and individuals can also request to have their data removed, to withdraw their consent, or to have their data given to them in a portable manner.
  • Categories of data: the new regulations have altered the ways in which organisations need to categorise personal and sensitive personal data.

One of the other key changes has been how non-compliance will be managed. Non-compliance can now result in fines of 4% of annual turnover (or up to €20m - whichever is higher). So, with 93 days to go at the time of writing this (there is a handy, if somewhat ominous countdown clock here), we’ve drawn together some of the most useful starting points.

Firstly, who does the GDPR apply to?

  • The GDPR applies to ‘controllers’ and ‘processors’. 
  • A controller determines the purposes and means of processing personal data.
  • A processor is responsible for processing personal data on behalf of a controller.
  • If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.
  • And if you are a controller the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
  • The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
  • The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.

To find out more about definitions and key legal principles, follow the link above or click here.

Chances are if you are reading this you are a charity and first thoughts may have turned to the implications of the GDPR on fundraising and reaching new supporters. However, the requirements will apply across the board, to campaigning, marketing, managing volunteers and recording information about service users – anything that involves processing an individual’s personal data.

The broad scope of ‘anything that involves processing an individual’s personal data’ can be broken down into the following 6 principles.

Personal data should be: 

  • Processed fairly, lawfully and in a transparent manner.
  • Used for specified, explicit and legitimate purposes.
  • Used in a way that is adequate, relevant and limited.
  • Accurate and kept up to date.
  • Kept no longer than is necessary.
  • Processed in a manner that ensures appropriate security of the data.

The scope of this Regulation really does mean that an organisation-wide approach will be needed and, importantly, volunteers as well as paid staff must be trained and equipped to protect data. To help with this process the Information Commissioner’s Office has produced a 12-step guide to preparing for the GDPR (below). For further detail on each of the bullet points click here.

 

12-Step Checklist

  • Awareness: You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.
  • Information you hold: You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.
  • Communicating privacy information: You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
  • Individuals’ rights: You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
  • Subject access requests: You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
  • Lawful basis for processing personal data: You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
  • Consent: You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
  • Children: You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.
  • Data breaches: You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
  • Data Protection by Design and Data Protection Impact Assessments: You should familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation. 
  • Data Protection Officers: You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.
  • International: If your organisation operates in more than one EU member state (i.e. you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.

This has been a general introduction to the GDPR, using information from some of the main sources covering this change in legislation. However, if you have read or used anything else that has been useful for getting to grips with the GDPR, please do comment on the blog, add to the forum or email it to the Flourishing Lives team!


1 Comment

  1. FLOURISHING LIVES I came upon this by chance. Would like to link in to your organization as I 70. Have you got a timetable. Should I come to your address. What is best way. Think fantastic what you are putting on next week at the Tate but unfortunately I not free next week. I can be contacted on v.carey@hotmail. com or 07765775168. Thanks Veronica Carey
