As you may be aware, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will place requirements on all businesses and organisations to implement strict Data Protection policies and procedures by 25th May 2018.
Whether as a business or voluntary organisation, where your organisation collects personal data, GDPR will apply to you. Whether you are a business, a charity, a GAA Club or a School Parents Association, where you collect data or use CCTV footage, you need to be aware of and fulfill your obligations in this regard.
The principles of Data Protection in the GDPR include:
Personal data must be:
- Processed lawfully, fairly and in a transparent manner (the “lawfulness, fairness and transparency principle”)
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (the “purpose limitation principle”)
- Adequate, relevant and limited to what is necessary in relation to the purpose(s)
- Accurate and where necessary kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purpose(s) for which the data are processed
- Processed in a manner that ensures appropriate security of the personal data, using appropriate technical and organisational measures
In addition, the controller is responsible for and must be able to demonstrate compliance with the above principles.
What the above really relates to is the basic principles of:
- What information you hold (as a business/charity/voluntary organisation)
- Where the information is held
- Why you have particular types of data
- Who has access to this data
Every business/organisation has to adhere to the above principles and actively demonstrate that they are adhering to the principles of GDPR. There must be strict processes and procedures in place which should cover all relevant areas, from what information is collected (with written opt-in consent) to how it is securely stored and what it is used for.
This month has seen the commencement of many courses run by local libraries and town chambers. Even if you run a charity or a voluntary organisation, it is imperative that you deal with your data protection policy now. For instance, even CCTV footage can only be used where an accompanying sign is displayed so those in the vicinity will know who is recording such footage and for what reason.
Whilst we, as a Financial Services broker, already have stringent measures in place, we will be availing of more specialised training specifically for our industry. I am sure many other businesses will do likewise.
If, as a client of Roban Financial, you wish to see our Data Protection Policy, you are free to request a copy of same at any time.