What do the new GDRP Regulations mean for your data?
General Data Protection Regulation
The new regulation takes the old Data Protection Act to the next level. Businesses and organisations need to act now to become prepared before the Act is enforced later in the year.
What Is GDRP?
Who does the GDRP affect?
A brief summary
- Whereas before, you might assume people consent to their details being held and used by you and you sending the odd marketing email, now, you have to have evidence of that consent..
- You have to take measures by law to protect the data you keep, and inform the ICO of data breaches, as well as the people involved.
- Someone should be in charge of data in the organisation. In a sole trader business, this would be the owner. In a large sports club, or retail business, a designated person needs to be placed in charge, with the remit to take decisions, and manage to all levels in the system including top level management.
- You need robust systems to check you have permission to hold data on people. This includes looking back, and if necessary, asking again.
- A published system for people to check data held on them, to amend if mistakes are found, and to delete their data.
So, what to do now?
1. Audit your data - Now
2. Check if you have asked permission
Permission to take photos?
Permission to pass details to other organisations? – For example if you are accredited to an organisation, passing details to them needs permission.
Have you included social media?
Do you state how you will use images whilst still protecting people in the images, especially children by not using their names, or personal details about them.
4. Minimise data held to the absolute minimum
If you dont need dates of birth for children, then dont take them (a birth year might be enough for your needs)
5. Ensure Parent / Guardian permissions, and contact details have been sought
6. Communicate your policy, and how people can check and delete information held on them
7. Audit your processes and data regularly to ensure it meets your stated policy.
So, What Now?
Here is the summary of ‘What to do Now‘ issued by the ICO.
About the author
Director - Brilliant Bookings
Rob has been creating websites since 2007. After leaving a career at commercial director level in high street retail and hosptality, Rob has focussed his skills on helping others reach out more via digital media. With over 500 websites so far, Rob has helped organisations with websites, digital security, online advertising, CRM systems, as well as market research, benchmarking, and other business advice.
Let us help you grow Your business
Start the ball rolling by sending a message with a few details, and we’ll get back asap to start the ball rolling.