In April 2016 the EU General Data Protection Regulation (GDPR) was approved by MEPs and now enters a two-year transition period during which member states will begin to adopt the new requirements.
The UK Data Protection Act was established in 1998, and this update to the legislation offers more protection for individuals.
The regulation also introduces greater penalties for organisations that fall foul of the requirements.
The Information Commissioner’s Office (ICO) in the UK has issued a guidance document to help organisations prepare for the new requirements ahead of the 2018 deadline, titled “Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now”.
GDPR & ISO 27001
For those operating an Information Security Management System (ISMS) to ISO 27001, the new GDPR requirements should be considered now.
Implementing new procedures and training staff can take time, so it’s prudent to get a head start.
The GDPR also introduces some new concepts, including age verification for organisations such as internet gaming or social media firms that may process children’s data. Parental or guardian consent must be verifiable.
Data Protection by Design is another key feature of the regulation, and the ICO promotes ‘Privacy Impact Assessments’ as a valuable tool when implementing new data processing systems.
Original Author: Assent Risk Management