General Data Protection Regulation

The countdown to GDPR is on………84 Days 

Here at ReACT we have received a number of enquiries asking if we are doing anything to help users comply with the main elements of new data protection rules being introduced in the General Data Protection Regulations which are enforceable from 25th May 2018.

Firstly, what do the new regulations say and what do they mean? The stated purpose of GDPR is:

“to provide citizens with a greater level of control over their personal data”.

The sort of data which will fall under the regulations are:

  • name
  • photo
  • email address
  • social media posts
  • personal medical information
  • IP address
  • bank details

The GDPR cover any information that can be classified as personal details or that can be used to determine identity. Parental consent will be required to process any data relating to children aged 16 and under.

The regulations specify the entities that will be impacted by the GDPR and the wording specifically includes data processors and data controllers. This means that information stored in a “cloud” or in a separate physical location is still subject to the regulations. Regardless of who has determined how your information will be used and who actually uses it, fines can still be imposed for misuse if it concerns the data of EU citizens – yes this is EU legislation but it has been adopted by our government and is unaffected by Brexit. Individuals will have the right to obtain from “the controller” (the person or organisation holding and using their data) details of personal data concerning him or her without undue delay and the controller shall have the obligation to delete personal data again without undue delay.

This means that any business or organisation will need to set up databases in ways that allow the tracing and deleting of data that may be challenged which can be an enormous task. The team at ReACT have been working on a solution and developers are in the final stages of an application to allow users to delete selected data from the database. When completed we will contact the person responsible for data in your organisation to update them on how the application will work and what the next steps will be.

It is understood that Resolve ASB are likely to arrange briefing sessions to advise and assist members with the introduction of GDPR. Please contact Julie Roberts at Resolve ASB for more information.