The General Data Protection Regulation (GDPR) was approved in 2016 by the European Parliament and will become directly applicable as law in the UK from 25th May 2018. The new regulation follows up on the key data protection principles of the Data Protection Act 1998.
We are now living in a digital age and the new regulation puts a particular focus on automated data processing systems as well as; data subjects rights, transparency, consent, subject access requests and policies stating the lawful basis for processing personal data.
The Information Governance Team have been long preparing for the new regulation and much of the work required for compliance will be a continuation of the submissions we make annually to the NHS digital online platform, (The IG Toolkit).
Key Changes to be aware of
·SAR’s - Shorter timescales for meeting subject access requests
·Reporting of information breaches
·More transparency around processing personal data
·Data subjects rights
·Increased accountability on Data controllers
·Consent – Strengthened conditions around consent for use of personal data
The Information Governance Team is embracing the forthcoming regulation and will be working hard to continuously provide important and relevant information to fellow colleagues and partners.
If you would like to know more information about how we are taking the GDPR forward and what it means to you, please contact our IG Manager: