We have been regularly updating you about the new General Data Protection Regulation (GDPR), which was introduced on 25 May 2018 and replaces the EU Data Protection Directive and the Data Protection Act 1998.
For further detail see our updates here.
Just in case you’re still finalising your GDPR compliance (!), you may find the following guidance from the Information Commissioner’s Office (ICO), European Commission and ACAS helpful:
The ICO has published a series of data protection self-assessment toolkits (available here) to help employers comply with their legal obligations when they collect, process and store personal information.
The toolkits include a self-assessment checklist for data controllers and data processors, and information on creating a cyber security and risk policy and record management procedures.
Once completed, users will receive a report which details the practical steps they should take to improve their data protection procedures.
The ICO has published the final version of its guidance on consent (available here). The guidance is intended to sit alongside the ICO’s Guide to the GDPR (available here) and provide further detail on consent and when it should be relied on as a lawful basis for processing personal data.
The guidance considers:
The European Commission has published a simple “Seven steps for businesses to get ready for the General Data Protection Regulation”, available here. This is aimed at companies that do not handle data as a core business activity but still deal with personal data, for example those that deal with data concerning their employees or clients.
Key steps outlined in the document include:
ACAS has published new guidance on the GDPR and what it will mean for employers, available here.
The guidance is made up of a series of questions which cover key issues such as:
ACAS also urges employers to contact it using its helpline if they have any questions about the guidance.