An update on GDPR

Thursday 17th August, 2017
Comments
Agency Info

The EU General Data Protection Regulations (GDPR) will completely modernise and update our current data protection regime. Rapid technological developments and globalisation coupled with a significant increase in the scale of collection and use of personal data has led to the first shake up of data protection rules in 20 years. GDPR puts the individual at the heart of the legislation with the core objective that people should have control over their own personal data. We also know that despite Brexit, the UK's decision to leave the EU will not affect the commencement of GDPR and a UK version of the Regulations will come into force 25th May 2018.

There are less than 10 months before GDPR comes into force and PayStream has wasted no time in our preparations. We want to get this right because we value its intentions - greater transparency, enhanced rights for citizens and increased accountability.

The Information Commissioner's Office (ICO) are regularly publishing articles and useful documents in respect of GDPR to help organisations review their current data protection policies and to prepare for the new regime. Myths about GDPR have started their rounds and the ICO are keen to sort fact from fiction. One myth, for example, currently trending relates to crippling fines. It's true that the ICO will have the power to impose fines much bigger than its current limit of £500,000, however, the ICO says that it's scaremongering to suggest that they will make early examples of organisations for minor infringements or that maximum fines will be the norm.

This is reassuring news from the ICO. The GDPR does include general conditions for imposing administrative fines. They should be effective, proportionate and dissuasive. However, the UK Information Commissioner, Elizabeth Denham, maintains the ICO's commitment to guiding, advising and educating organisations about data protection and that fines will continue to be a last resort. In 2016/17, the ICO concluded 17,300 cases and only 16 resulted in fines for the organisation concerned and they have as yet to invoke their maximum powers. Ms Denham went on to say that the ICO intend to use their new powers under GDPR proportionately and judiciously.

There are tangible benefits and competitive advantages to organisations that put data privacy and security at the heart of what they do. GDPR builds on data privacy and security principles that organisations should already be following. Rest assured, we've always had clear policies and procedures in respect of data protection and our preparations for GDPR are going well.

We're happy, as ever, to support our agencies and clients in their preparations, answer queries or just share the experiences we've had so far in our journey to GDPR compliance. The ICO's website has been a useful port of call. They have issued a document, 'Preparing for the General Data Protection Regulation (GDPR)' which sets out 12 steps to meet the new GDPR requirements. For those organisations wondering where to start, it is a useful reference point and could form the basic structure of a project plan.


There are tangible benefits and competitive advantages to organisations that put data privacy and security at the heart of what they do. GDPR builds on data privacy and security principles that organisations should already be following. Rest assured, we've always had clear policies and procedures in respect of data protection and our preparations for GDPR are going well.

You may also like...

PayStream win exclusive supplier status with Robert Walters

Thursday 27th July, 2017
Comments
PayStream news
Posted by Kerry Hull
In 2013 we were awarded sole supplier status with Robert Walters however we are delighted to announce that we have now achieved exclusive supplier status with a world leading specialist professional recruitment consultancy.