May 2018

Inform


Are you GDPR ready?

What is GDPR?

From 25 May 2018, data protection legislation is changing. The new General Data Protection Regulation (GDPR) puts a greater focus on individual rights and requires us to be open and transparent about the ways we collect, store, manage and share personal information. In particular, we have to evidence that we have appropriate protections in place. Are you thinking about the ways that GDPR will affect your service area?

Some of the key points to consider:

Collecting information – we need to clearly and specifically explain why we are collecting individuals’ personal information and how we will use it, at the point of collection. We can no longer rely on generic privacy statements.

Managing information securely – we need to make sure that personal information is stored safely, with appropriate access controls. We also need to make sure that information is disposed of in a timely way.

Sharing information – we need to make sure that we have appropriate safeguards in place for sharing personal information. Usually, this will take the form of official agreements and contract clauses.

Understanding our information – we need to fully understand how information flows through our organisation, to make sure the appropriate controls are in place.

Data breaches – we need to have robust data breach reporting procedures. Under GDPR, data breaches must be reported to the Information Commissioner’s Office within 72 hours!

Data protection by design – we need to make sure that data protection is included in all our business processes, from the ground up. In particular, this means assessing risks to individual privacy whenever we change the way we use information.

Consent – in the past, we often asked people for consent to process their personal information. Under GDPR, there are many situations where this will not be appropriate. Further guidance on how to judge when to use consent will be coming soon.

To support staff in complying with GDPR, a GDPR Toolkit will be published on the Council Intranet. This will include guidance, templates and other tools that will be developed over the coming weeks and months. Keep watching this space for new and updated information!

For comments, questions and enquiries, contact the Data Protection Officer at dpo@eastlothian.gov.uk
