What is the Regulation?
The European Parliament has introduced a General Data Protection Regulation (GDPR) by way of reform of EU Data Protection Law.
The GDPR replaces the current Data Protection Directive, which was implemented into UK Law through the Data Protection Act 1998.
As the GDPR is a Regulation, rather than a Directive, it will be immediately binding on all EU member states immediately once in force.
When does GDPR become Law?
Consultation began in 2009 in recognition of the new challenges for personal data protection, particularly in light of new technologies and globalisation.
The implementation date for GDPR is 25th May 2018.
Implications of BREXIT
The Information Commissioner’s Office (“ICO”) has said that the Government needs to consider the impact of BREXIT on the GDPR.
However, the GDPR cannot be ignored for the following reasons:
We do not know the date that the UK will leave Europe. We will however still be in the EU come the implementation date of 25th May 2018.
Whilst the implementation date is still some time off, there may be a lot to do for organisations (especially large organisations) to ensure they are in a position to comply with the law once in force.
GDPR is still relevant when outside of the EU for organisations operating internationally.
The ICO is of the view that reform of the UK law remains necessary in any event.
Content
The GDPR presents a much more detailed framework and introduces some new principles and concepts.
Whilst the principles of the GDPR are similar to the principles under the Data Protection Act, there are some enhanced obligations.
Steps to take now
The ICO has published guidance on steps that data controllers should be taking now in order to prepare for GDPR.
These include:
Ensuing that decision makers and key people in your organisation are aware that the law is changing and to appreciate the impact this is likely to have.
Organise an information audit to document what personal data you hold, where it came from and who you share it with.
View current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
Check procedures to ensure they cover all the rights individuals have.
Update procedures in relation to subject access requests.
Look at the various types of data processing you carry out, identify your legal basis for carrying it out and document it.
Review how you are seeking, obtaining and recording consent and whether you need to make any changes.
Consider how you collect information in relation to children.
Make sure you have the right procedures in place to detect, report and investigate data protection breaches.
Familiarise yourself with the guidance the ICO has produced on privacy impact assessments and work out how and when to implement them in your organisation.
Designate a data protection officer within your organisation to take responsibility for data protection compliance.
If your organisation operates internationally, determine which data protection supervisory authority you come under.
USEFUL LINKS
ORGANISATION | PURPOSE | LINK |
 | GDPR in Recruitment Group | Join Here |
 | Lawful basis interactive guidance tool | Interactive Tool |
| Latest on GDPR from the ICO | What's New |
| Overview of the General Data Protection Regulation (GDPR) | ICO Overview |
| Getting Ready for the GDPR | ICO Guidance |
 | GDPR Privacy Policy Template | Template |
 | Is Your Business GDPR Compliant? | Fact Sheet |
 | Summary of Key Changes | Fact Sheet |
| Checklist | Fact Sheet |
| IT & Marketing | Fact Sheet |
| GDPR Testing | Outline |
| GDPR We Can Help | Help |
 | Your GDPR Questions Unpicked | Podcast |
| How to Use GDPR to Your Recruitment Agency's Advantage | eBook |
 | How to Choose the Right DPO | Fact Sheet |
 | GDPR Awareness Training Video | Video |
| GDPR Guide for Recruitment Agencies | Guide |
| GDPR Vendor Due Diligence Checklist | Checklist |
| Compliance Guide for Your Website | Compliance Guide |
 | GDPR Resource Hub | Resource Hub |
| Test your knowledge of the GDPR | Quiz |
Latest News
Upcoming TEAM Events
- London Regional Virtual Networking Meeting
- IT & Engineering Division Virtual Networking Meeting
- Immigration Virtual Event
- South West & Wales Virtual Regional Networking Event
- Solo Recruiter Virtual Networking Event
- Scotland Regional Virtual Networking Event
- South Central Virtual Regional Networking Meeting
- East Midlands & North East Joint Virtual Regional Networking Event
- South Virtual Regional Networking Meeting
- South Midlands Virtual Regional Networking Event
- Midlands Virtual Regional Networking Meeting
- East Virtual Regional Networking Event
- North West Virtual Regional Networking Meeting
- International Virtual Networking Meeting
- Executive & Professional Division Networking Meeting
- Sussex Regional Virtual Networking Meeting
- Practical and Operational Insights on how to Implement Practices for IR35 Reforms
- London Regional Virtual Networking Meeting
- IT & Engineering Division Virtual Networking Meeting
- More