30 local businesses attended a training seminar, organised by us in partnership with the Surrey Chambers of Commerce, which explained the provisions of the new General Data Protection Regulation (GDPR) and provided attendees with the latest news from the Information Commissioner's Office and tips on compliance.
In May this year, Europe's data protection rules underwent their biggest changes in two decades. Since the regulations were originally created in the 1990s, the amount of digital information created, captured and stored has vastly increased, and the regulations needed an overhaul.
The solution is the European General Data Protection Regulation, which came into force in May. Both personal data and sensitive personal data are covered by GDPR. Personal data broadly means a piece of information that can be used to identify a person. This can be a name, address, IP address, etc. Sensitive personal data encompasses genetic data, information about religious and political views, sexual orientation and more.
Businesses need to have documentation in place detailing why people's information is being collected and processed, descriptions of the information that's held, how long it's being kept for and descriptions of technical security measures in place.
There's also a requirement to obtain consent to process data in some situations. When an organisation is relying on consent to lawfully use a person's information, it has to clearly explain that consent is being given, and there has to be a "positive opt-in".
GDPR also sets out the rights of individuals and obligations placed on organisations covered by the regulation. These include allowing people to have easier access to the data organisations hold about them, a new fines regime and a clear responsibility for organisations to obtain the consent of people they collect information about.