New data protection laws affecting UK organisations come into effect in May 2018. Complying with the new General Data Protection Regulation (GDPR) regime, which gives individuals the right to control data and protection, will mean associations having to review their existing data protection policies.
Louise Clarke talked to Kitty Rosser, Intellectual Property Associate with the law firm Birketts. Kitty stressed that failing to comply with the new law puts organisations at risk of fines of up to €20 million. Individuals affected by the misuse of data will also be able to claim compensation for damage, distress and hurt feelings under the new regulations.
As previously, the new data regulations apply to personal data such as HR records, customer lists, or contact details. However, reflecting changes in technology, the GDPR definition of personal data also includes online identifiers such as an Internet Protocol address.
“The focus of the updated laws is on accountability and transparency,” explains Kitty. “Organisations will have to be proactive and find out how the laws apply to them. There will be new record keeping procedures and policies controlling what they do with data. Many larger organisations will have to appoint a qualified data protection officer.
“Existing data protection laws are over 20 years old, pre-dating Google and Facebook, and didn’t anticipate how technology would develop and that data would be collected and analysed in such large volumes. The new data protection framework is designed to be technologically neutral and deal with the reality of Big Data and the Internet of Things.”
The Government has confirmed that the UK’s decision to leave the EU will not affect the introduction of GDPR. The UK will probably also adopt this law post-Brexit because, in order for Britain to continue to provide goods and services to the EU, it will have to comply with EU data protection regulations.
Birketts has been running a series of seminars across the UK for the Institute of Fundraising focusing on the changes which will be introduced by GDPR.