The Data Protection Act 1998 (DPA), enacted under the EU’s Directive 95/46/EC, will be replaced on 25th May 2018 with the EU General Data Protection Regulation (GDPR), bringing stronger, broader and more consistent legislation for the protection of personal data.
As a ‘Regulation’ rather than a ‘Directive’, its rules will apply directly to all Member States, repealing and replacing their existing data protection laws. Whilst May 2018 is still a long way off, it is never too early to plan and prepare! The GDPR brings with it stronger and tighter controls, data subject rights, conditions for consent and an overall expectation for businesses to demonstrate their compliance with the Regulation.
As the GDPR applies to many of our FCA authorised clients, we have developed extensive GDPR documents to assist in the planning and document development stage. Our GDPR documents are suitable for all business types (not just Financial Services); however, as any off-the-shelf provider should tell you, customisation is required. Our GDPR Policy & Procedure covers the GDPR requirements and includes objectives, procedures and controls, and firms can use this as a foundation for creating structured and robust compliance documents.
We have spent months reading, digesting and dissecting the GDPR legislation, recitals, Supervisory Authority guidelines and Article 29 Working Party opinions, letters and recommendations to ensure that our content is up-to-date and relevant. Our products are not a complete solution as firms need to take ownership of and be accountable for their data protection program. However, our GDPR documents will assist in your program development and implementation.