How to get ready for GDPR
The new rules surrounding the General Data Protection Regulation (GDPR) came into force on 25 May 2018. Any CA who handles personal data for their clients or has oversight of private information needs to be aware of the changes and act accordingly.
The Data Protection Act 2017 replaced previous legislation from 1998 and will bring the UK into compliance with EU Regulation 2016/679. In addition to updating the law to accommodate modern technologies, the Act also impacts security requirements, accountability, and rights surrounding personal information.
Key changes include:
- Greater focus on business accountability for security requirements and appropriate risk protection.
- New guidelines concerning individual consent and data subject rights.
- Requirements for non-EU countries with regard to data on EU companies and individuals.
- More severe fines for failure to comply (up to €10m / 2% turnover for minor offences; up to €20m / 4% turnover for a serious breach).
What do you need to do?
Assessing how you and your business currently manage and interact with data will go a long way towards identifying any changes you may need to make. Your main objectives should be around educating yourself and other members of your organisation on what compliance with the Data Protection Act 2017 entails. It may be necessary to undergo training, take steps to improve your technology and software, and implement new processes for the handling of data.
These resources can help you get ready for GDPR:
- Read the planned reforms.
- Get your practice ready for the change.
- Research and upgrade your cybersecurity.
- Find out what ICAS support is available.
Keep up to date with the latest guidance from the ICAS Policy Leadership team and subscribe to your CA community magazine for in-depth information on the key issues affecting CAs.