“Data Protection is changing”
The General Data Protection Regulations (GDPR) will apply in the UK from 25th May 2018. The UK’s decision to leave the EU will not affect this and therefore it makes sense to prepare for the new regime.
The GDPR applies to ‘personal data’ and makes it clear that information such as an online identifier – e.g. an IP address – can be personal data. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.
The GDPR cover ‘data controllers’ and ‘data processors’. A data controller says how and why personal data is processed and a data processor acts on the controller’s behalf.
If you are currently subject to the Data Protection Act, it is likely that you will also be subject to the GDPR. The new accountability principle states explicitly that it is your responsibility to demonstrate that you comply.
If you are currently a data processor, the GDPR will place new specific legal obligations on you and you will have significantly more legal liability if you are responsible for a breach.
CCL will make a business of less than 250 employees GDRP compliant for £350 (terms and conditions apply*). For businesses of more than 250 employees we can provide a bespoke quote for GDRP compliance.
*Terms and conditions
The starting point is compliance with the current Data Protection Act; if this is not in place we can provide a quote to achieve compliance.
If you deal with childrens data (those under 13 years old) there will also be an additional cost.