Of relevance to: All firms
Key date: Are you ready for 25 May 2018?
Are you ready? On 25 May 2018, the General Data Protection Regulation (“GDPR”) will come into effect for all firms operating within Europe, as well as firms outside of Europe that handle data which comes in from, goes through, or ends up in the European Union. As part of this regulation, individuals will be afforded enhanced rights regarding their data.
This includes:
- Data minimisation – Ensuring firms acquire, keep and use only data that they need to operate. This also includes securing informed consent for the use of personal data.
- The right to be forgotten – Under GDPR, individuals have extended control over their data. They can request to know what data firms hold on them and can ask for said data to be deleted.
- HR and employee records – Unless a firm has a good reason to retain ex-employees’ data, it should be deleted.
- Data safeguarding – Ensuring firms have adequate protection policies in place.
Questions to ask yourself
- Do you have the correct procedures to deal with data enquiries in place?
- Do you know what data you hold and how long you are allowed to hold it for?
- What steps have you taken to protect data?
- Is your firm’s need for the data it holds justified and can this be evidenced?
These questions will need to be answered to ensure proper compliance under GDPR.
Any FCA or other regulatory record-keeping requirements must also be complied with.
Complyport GDPR Webinar
Recently, Complyport ran a webinar on GDPR which covered the challenges firms are facing during the implementation stage and how data protection can be managed after 25 May 2018. You can listen to a recording of the GDPR Webinar.