The EU is currently putting together the General Data Protection Regulation – new legislation that will replace the Data Protection Act in May 2018. Why is it happening, and what will the impact be?
The GDPR shares many similarities with the existing DPA, but there are some important changes to be aware of.
What’s wrong with the Data Protection Act?
The DPA was put together in 1998, which means by next year it will be 20 years old. While many areas are still relevant today, the fast-paced development of technology and globalisation have led to significant changes in the way businesses handle data.
There are also differences across EU member states in the way the DPA has been implemented. The GDPR aims to address these differences and bring a unified approach to data protection. This will strengthen the safety of sharing data between EU countries and with countries outside the EU, which will need to comply with the GDPR requirements when processing EU citizens’ personal data.
What will it mean for the data I already hold?
With the DPA, you already need to get consent before you can store personal data. The GDPR will require that consent is “freely given, specific, informed and an unambiguous indication of the individual’s wishes”. This means that pre-ticked boxes will no longer be acceptable as a form of consent.
As part of the implementation of the GDPR, you will need to complete a review of the way you gain consent. Any previously obtained consent that does not meet the new requirements will need to be obtained again to achieve appropriate consent standards.
When will this affect me?
The GDPR will apply in the UK from 25 May 2018. The UK government has confirmed that the introduction of the GDPR will go ahead, despite the decision to leave the EU.