We have been subject to Data Protection Legislation since the introduction of the Data Protection Act in 1984 (superseded in 1998). In May 2018, new European Legislation (General Data Protection Regulation, or GDPR for short) will come into force.
The legislation will be supervised by the Information Commissioner's Office (ICO), which will continue to act as the UK’s data protection authority.
The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established. Although the key principles of data privacy still hold true to the previous directive, many changes have been proposed to the regulatory policies:
- Increased Territorial Scope
- Strengthening of the conditions of Consent
- Mandatory requirement under GDPR to notify breaches within 72 hours where a data breach is likely to “result in a risk for the rights and freedoms of individuals”
- Rights of Individuals to request access to their data
- Right to be forgotten
- Data Portability
- Privacy by Design
- The appointment of Data Protection Officers (only for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences).
As a result of this change, it may be necessary for longstanding clients to opt in to allow us to continue processing personal data after May 2018. We will provide further information on this in due course.