The GDPR comes into effect on 25 May 2018. Changes will include the following.
New rights for data subjects
The new rights are:
- the right to be forgotten – in some cases an individual can ask for their personal data to be deleted
- changes to consent required from individuals
- where consent for the use of personal data is required it must in future be explicit, non-ambiguous and given freely
- can be withdrawn
Mandatory breach notification
In certain circumstances organisations will have to tell the Information Commissioner Office about unauthorised disclosures of personal data as soon as they are discovered. If the disclosure has serious implications for any individuals, they will have to be informed as well.
Privacy by design
Organisations should design data protection into development of business processes, new systems and undertake Privacy Impact Assessments (PIAs).
Read more about Privacy Impact Assessments, procedures and guidance.
Data protection officers
A designated post of data protection officer will be strategically responsible for GDPR.
Our data protection officer is Simon Hobbs. Our GDPR programme manager is Martin Stone.
More background information is available in the GDPR guidance attached to this page.
If you need advice, please email: GDPR@derbyshire.gov.uk