, 11, 11C, 12, 13, 14, 15, 16, 17, 1831, 186, 188, 19, N2076, 11, 11C, 12, 128, 128C, 131, 131C, 132, 132C, 129, 129C, 14, 15, 16, 17, 1831, 186, 188, 19, N2076
Default banner
GDPR: The basics
Blog cover
Posted by IPG
In the first of a series of blogs about changes to data protection laws, the IPG’s business support helpline Croner explains some of the basics of GDPR

What is GDPR?

GDPR stands for General Data Protection Regulation. It replaces the UK’s Data Protection Act, and brings in a strict set of new rules concerning privacy and data security, while imposing penalties on businesses that violate them. It will give people much more control of their personal data and how it is used.

Why is the legislation changing?

Because digital technology has moved forward far more rapidly than the law. GDPR is considered necessary to help the law catch up with the fast-evolving digital environment.

When do the changes come into effect?

On 25 May 2018, across the European Union.

What rights does GDPR grant?

GDPR gives people about whom your business holds data new rights, including these eight.
1 The right of access. Subjects will be entitled to access their data and find out how you are using it.
2 The right to rectification. People can ask you to update any inaccurate or incomplete data.
3 The right to restrict processing. Businesses may be allowed to store but not process personal data.
4 The right to data portability. This allows people to get some of their data from you for their personal use.
5 The right to erasure. You can be asked to delete or remove people’s data; this is commonly called ‘the right to be forgotten’.
6 The right to object. People can opt out of you profiling them based on their data, direct marketing or research.
7 The right to be informed. This means your privacy notice must state how you process information fairly.
8 Rights in relation to automated decision making and profiling. This gives people protection against mistakes or decisions where humans are not involved in data processing.

What do I need to do?

Changes will vary by business, but here are seven things to consider.
1 Create a register of the personal information you hold, where it came from, and who you share it with.
2 Put in place a process for handling requests for any data you hold. It should include details of how quickly you will respond, how you will provide it and how you will assure requesters that they own it. You should ensure you can honour the rights of anyone who asks for their data, and be able to prove that you have removed data if requested to do so.
3 Get consent to store, manage, maintain and use personal data or consider what other rights you may have to process personal data.
4 Make sure people in your business know the law is changing, and nominate a responsible person to be your Data Protection Officer or representative, as applicable.
5 Review the current privacy notices for the data you store and prepare to change them for GDPR.
6 Decide if you need a system for identifying the age of individuals and whether you need parent or guardian consent.
7 Have an emergency plan in case you lose data or someone steals it.
Croner has more detailed advice about GDPR in this white paper. IPG members have free access to the Croner Business Support Helpline, which provides advice on issues including law, HR, tax and much more. For details of how to access the Helpline, click here.

Related blogs

Click to reply

Have your say

Want to have your say on this blog post? Add a title of your message along with your actual message in the fields below.
Alternatively, if you just want to be notified when someone else makes a comment, use the 'watch' option here when you're logged in and we'll send you an email to let you know.


New on the blog

Description: 59375497_2222337154499865_7297025908349599744_o
Posted by IPG
We’re looking forward to a busy programme of events this year. Here are nine of the dates for your diary! - read more ➥
Description: Apprentices
Posted by IPG
Marcus Simmons of LDN Apprenticeships explains how taking on an apprentice can benefit smaller publishers - read more ➥
Description: Sinjore
Posted by IPG
A Q&A with India-based publishing technology specialist Sinjore - read more ➥