General Data Protection Regulation (GDPR) is Coming - are you compliant?
The new GDPR will replace the current data protection regulations as of 25 May 2018.
New regulations relating to the protection of data will come into effect from May 2018.
GDPR will give new rights to individuals in respect of the personal data held by companies, place obligations on companies on data collection and processing and introduce a new regime of fines for data breaches.
The General Data Protection Regulation (GDPR) will replace the Data Protection Act 1998 on 25 May 2018. It will require all data controllers and data processors to meet new requirements. The UK will supplement this with a new Data Protection Act later this year.
The main changes include:
- Increased rights for data subjects, including a right to detailed data protection notices and new rights to delete or restrict data;
- New accountability obligations, which will require data controllers to demonstrate and record how they meet data protection obligations; and new fines, of up to €20,000,000.
A controller is an organisation that determines the means ("how") and purposes ("why") of processing. It can choose what data will be used and for what purposes, and is in charge of ensuring that all data protection requirements are met. For example, The FA is a data controller for its employees as their employer and of participants' details where these are registered under FA rules or are used for FA marketing.
The FA has been working closely with our legal helpline service provider, Muckle LLP, to provide support to clubs around GDPR. Muckle LLP has produced a series of fact sheets and easy-to-use online training modules which can be accessed via the links below should you want further information.
The Information Commissioner's Office (ICO) has also produced guidance for all UK businesses on how to prepare for the GDPR. You can find the following on its website:
In addition to the above, the ICO has a dedicated telephone helpline which provides advice on data protection matters and the GDPR.
The relevant contact information can be found here.