The Data Protection Act 1998 is going to be added to by the Data Protection Act 2018 reflecting new European legislation called the General Data Protection Regulation (GDPR). The new law will extend the rights of individuals and require organisations holding personal data to comply with a new stricter set of rules. The GDPR comes into effect on 25 May 2018.
The new rights are:
In certain circumstances organisations will have to tell the Information Commissioner Office about unauthorised disclosures of personal data as soon as they are discovered. If the disclosure has serious implications for any individuals, they will have to be informed as well.
Organisations should design data protection into development of business processes, new systems and undertake Privacy Impact Assessments (PIAs.)
We have listed some links to help you get ready for the new GDPR.