Data Protection

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR will came into effect across the EU on May 25, 2018.

The GDPR’s data protection principles are similar to those under the DPA (except there are six, instead of the current eight). Organisations must be able to demonstrate that any personal data they handle is:

• processed lawfully, fairly and transparently

• collected for specified, explicit and legitimate purposes

• adequate, relevant and limited to what is necessary

• accurate and kept up to date where necessary

• kept for no longer than is necessary where data subjects are identifiable

• processed securely and protected against accidental loss, destruction or damage.

GDPR is an update from existing data protection guidance. Most of what is required you should already be doing but we have prepared a check list for you to work through in regards to recruitment and HR.

Our Data Protection Officer is Bernhard Renelt, he will be able to support with right to access requests, right to be forgotten requests and any detailed questions - brenelt@fossil.com

Sources: www.cipd.co.uk www.investopedia.com

For more information visit https://www.eugdpr.org/