Businesses should review their data protection policies well before major legislative changes take effect in May 2018.
The General Data Protection Regulation (GDPR) will give people stronger rights:
- To access the personal data a business holds on them.
- To erase their personal information.
- To be informed about how their data is used.
- To correct inaccurate or incomplete information.
- Around data portability between service providers.
- Around automated decisions and profiling.
In addition, stronger rules regarding consent will give people more choice and control over how organisations use their data and oblige organisations to be transparent and accountable. The GDPR will also introduce a duty for all organisations to report serious data breaches to the data protection regulator, the Information Commissioner’s Office (ICO), and in some cases to the people affected.
“The real change for organisations will be understanding the new rights for consumers,” noted Information Commissioner Elizabeth Denham.
She said: “I want to see comprehensive data programs as the norm, organisations better protecting the data of citizens and consumers and a change of culture that makes broader and deeper data protection accountability a focus for organisations across the UK.”