31 August
By Alison Whalley
Categories: Government/Industry News

Changes to data protection laws - we’re acting now for GDPR


Rules surrounding how we access, store and use data under the Data Protection Act (1998) are well known but soon these rules will be enhanced with the introduction of the new General Data Protection Regulations (GDPR) and it’s time for us to get ready…

Rules surrounding how we access, store and use data under the Data Protection Act (1998) are well known but do you know what data actually is?

Data is any information being processed or recorded in some form of filing system or which forms part of an accessible record.

Personal data is information which would allow for the identification of a living person when used on its own or alongside other information. This can include a person’s opinion on someone or information on their intentions for that individual. Personal data becomes sensitive when it relates to an individual’s:

  • race or ethnic origin
  • health or physical details
  • political opinions
  • sexual orientation
  • religious or other beliefs
  • details of a criminal conviction or pending legal hearings
  • membership of a trade union

Under current regulations the DPA comes into force when personal data is processed. That is, when it is obtained, altered, read, used, disclosed to others or destroyed.

What’s changing and when?

The current rules under The Data Protection Act (1998) will be enhanced with the introduction of the new General Data Protection Regulations (GDPR) in May 2018.

What will happen under GDPR?

The main principles of the Data Protection Act 1998 will be maintained but stricter frameworks will be implemented in relation to how data is stored, processed and shared. There’ll be greater accountability on businesses to process and retain data in line with regulations.

Things you need to know

  • Penalties - Higher penalties will be applied to businesses found to be in breach of GDPR rules
  • Consent - For a business to process data, consent will need to be “freely given, informed, specific and explicit”. Reasons why data is needed and how it will be used will need to be attained for specific actions – an overarching consent will no longer be enough.
  • Right to be forgotten - People will acquire the right to be forgotten under GDPR, allowing data to be completely erased in certain circumstances.
  • Notify of breaches - Businesses will also need to ensure they notify the Information Commissioner’s Office of breaches of the GDPR within 72 hours of a breach taking place, if it has resulted in the unauthorised loss, amendment or disclosure of data.


What are Naylor Wintersgill doing to prepare for GDPR?

It may seem like a long way off, but Naylor Wintersgill, like all other businesses, need to prepare well in advance for the changes ahead to ensure compliance with the new legislation happens on time.

Our team will be carrying out a review of all the types of data we hold within our business. We’ll also be reviewing our internal data protection policies and addressing the matter of consent.

Over the coming months, we’ll be providing more information on the GDPR but in the meantime, please do not hesitate to contact us for more information.