New Data Protection Rules are coming!
DPA – Data Protection Act
01
Is my business affected?
YES! Businesses will have increased obligations to safeguard the information of customers, suppliers and employees.
02
What is personal data?
Personal data has been given a wider definition and now includes online identifiers, biometric and genetic data.
03
What will change?
Most businesses will have to demonstrate compliance. Examples include proof of staff training and reviewing HR policies and procedures. The new rules have higher standards for obtaining consent.
04
What are the CONSEQUENCES?
The fines for non-compliance could be severe and may affect the company’s profit.
05
Data ‘controllers’ & ‘processors’
DPA applies to the way data is ‘processed’ and ‘controlled’. Processing includes areas such as storing, retrieving and erasing data. Controlling involves its manipulation, interpretation, and decision making.
06
What are the next steps?
You will need to spend some time getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority.
What is the DPA?
Under the DPA businesses will have increased obligations to safeguard the personal information of individuals which is stored by the business. These rules apply to the information of customers, suppliers or employees. Generally, for those who are currently caught by the Data Protection Act it is likely that you will have to comply with the DPA.
DPA will apply to data ‘controllers’ and ‘processors.’ Processing is about the more technical end of operations, like storing, retrieving and erasing data, whilst controlling data involves its manipulation in terms of interpretation, or decision making based on the data. The data processor processes personal data on behalf of a data controller. Obligations for processors are a new requirement under the DPA.
Why does DPA apply to?
One key change to the current DPA rules is that those affected will have to show how they have complied with the rules. Proof of staff training and reviewing HR policies are examples of compliance. Under DPA, higher standards are set for consent. Consent means offering people genuine choice and control over how their data is used.
Overall, the aims of the DPA are to create a minimal data security risk environment, and to protect personal data to rigorous standards. For most organizations, this will entail time and energy getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority. In practice, this means things like ensuring active opt-in, rather than offering pre-ticked opt-in boxes, which become invalid under the new rules.
Organizations will also have to think about existing DPA consents.