The General Data Protection Regulation (GDPR) is an EU regulation which came into force on 25th May 2018. Building on the 1995 EU Data Protection Directive (DPD), which it replaces, the GDPR aims to improve protection of EU citizens’ personal data. It does this by increasing the rights of data subjects, raising the obligations of businesses that collate and process personal data, and putting into place tougher penalties for anyone found to be breaking these new laws.
A lot of questions have been raised around the relevance of GDPR when Brexit is implemented. But Brexit has no effect on the need for UK businesses to comply with GDPR. The UK Government published the draft Data Protection Bill 2017 in September 2017. The Bill brings all of GDPR into UK law and alters some key parts, such as the age of minors included. There are no material changes or exclusions from the full EU version, so no time should be lost in starting the journey to GDPR compliance.
Data Protection Principles
The previous law (the 1995 EU Data Protection Directive) set out the eight data protection principles which organisations have been using to govern how they collect, use and store personal data for more than two decades. The new legislation (GDPR) expands these existing principles. The principles are:
1. Obtain and process the personal data fairly
2. Keep it only for one or more specified and lawful purposes
3. Process it only in ways compatible with the purposes for which it was given to you initially
4. Keep it safe and secure
5. Keep it accurate and up-to-date
6. Ensure that it is adequate, relevant and not excessive
7. Retain it no longer than is necessary for the specified purpose or purposes
8. Give a copy of their personal data to any individual on request
What has changed?
An EU directive (like the previous law) sets out a goal that all EU countries must achieve, but the EU leaves it up to individual countries to devise their own laws to help them meet the stated goal. By contrast, an EU regulation – like the GDPR – is a binding law which applies to all EU member states in its entirety.
There have also been a number of changes made to the existing law under the GDPR. The most important changes to the EU law on data protection that the new GDPR will make for individuals' rights are listed below:
1. Consent
2. New rights
3. Access requests
Our GDPR Commitment
We are continually evaluating new requirements and restrictions imposed by the GDPR and will take any necessary actions to ensure that we handle customer data in compliance with the applicable law by the deadline.
We strive to deliver a great learning experience, earning the trust of all our students and business contacts. We will continue to make additional required operational changes resulting from the new legislation, and will keep everyone informed throughout this process. Staff training has taken place for all our staff to ensure GDPR compliance.