2018 was a big year for data protection, with a whirlwind of legal, regulatory and industry changes being introduced. This update provides a brief reflection on the past year and a look ahead at what is coming next in 2019.
Data Protection 2018
On 25th May 2018 the much-anticipated Data Protection Act 2018 (DPA) came into force and enshrined the principles of the General Data Protection Regulation (GDPR) into law. Many businesses (despite best efforts) were unprepared for the amount of work that the accountability principle brought to their organisations. The biggest challenge, consistent across industries and sectors, has been knowing where personal data is held and recording that in a Record of Processing Activity (ROPA) that is meaningful, useful, and maintained. Nonetheless, businesses are getting there, and DPAS has seen an increase in the quality of ROPAs and in the understanding of how these documents can be used to create efficiencies for organisations in a data-centric world.
As 29th March 2019 draws ever closer, there is an increasing likelihood that the UK will leave with ‘no deal’ or without being deemed an ‘adequate country’ in terms of sharing personal data across borders, per Article 45 of GDPR. This will mean the UK is a ‘third country’ to those who are processing data in the EU and businesses will need to reassess their processing (perhaps by using their ROPAs) to ensure they are DPA and GDPR compliant.
Nigel Gooding has written a series of articles expanding on this topic which provide more information, but in short, there are 2 main actions under GDPR that UK/EU organisations will have to undertake to ensure they can continue to trade. 1) Businesses should be putting in place additional safeguards (per Article 46) such as Binding Corporate Rules, new contracts, new consent regimes or the development of an industry-wide scheme or certification. All of these methods prove time-consuming. 2) In addition, UK companies will have to appoint a representative within the EU to act on their behalf under Article 27 of GDPR. Your organisation should therefore be identifying the potential risk of the UK leaving the EU and taking action now. DPAS are able to advise businesses if you have specific concerns.
PECR & ePrivacy Regulation
What's new at DPAS!
With the new year, there are not just big commercial and legal changes on the horizon. DPAS are excited to be expanding our business out of London and the West Country, with new contracts starting in the North and in the Midlands.
Revised ROPA and ISO27001 Security Assurance Trackers
Over the Christmas period we have developed new ROPA tools, which include increasingly relevant information and ISO27001 security elements with improved accuracy and reporting functions.
New DPAS Website
We have been working hard on our new website which aims to bring you more relevant content and updates about what’s happening in the Data Protection world. You can also book onto our new training courses via the new website.
Our training courses are all now CPD accredited and we are running the following courses at our offices in Exeter during Feb, March and April:
Data Breach Course (1 day)
Data Protection Impact Assessment Course (1 day)
DPO Course (3 days)
Foundation Course (1 day)
Data Protection and Cyber Security e-Learning (1 hour)
Wishing you all a Happy New Year and a successful 2019!
From all the team at DPAS.