Many of you are probably aware of the changes in data protection legislation coming into force on 25 May 2018 through the General Data Protection Regulation (GDPR) — the new framework regulating data protection for individuals within the EU.
As the GDPR is a set of European regulations, there is a question over its implementation in the light of Brexit.
Nevertheless, the advice from the government and the Information Commissioner’s Office (ICO) is to fully prepare for it in any case, particularly for companies keen to continue to trade with the EU.
What does it mean for you?
The GDPR strengthens and widens current data protection legislation, and there are some significant new elements and features to be mindful of.
The regulators can issue larger fines for breaches of the legislation. These can be up to 4% of the total worldwide annual turnover of the breaching organisation or 20 million euros, whichever is higher.
Data subjects also have new and enhanced rights over the personal data that you keep, so you need to ensure that your procedures will cover, and demonstrate compliance with, all of these. This includes the right to be forgotten and for a data subject to receive their personal data in a portable format.
What does it mean for SSP?
There are two main areas of work for SSP:
Ensure that we are compliant with the regulations in terms of the personal data under our care.
This covers everything from how we handle and process our customers’ client data, and the design of our software and services, to our security systems and other safeguards.
Ensure that the requirements of the regulations are built into our software to enable our customers to be compliant.
Our customers need software that will help them to comply with all aspects of the legislation, such as the right to be forgotten. This is where an individual has the right for all information about them to be removed from a data controller’s systems.
What we are doing?
A programme of work has been started to ensure that our products and services help our customers to be GDPR-compliant. This will involve working with our customers, regulators and other industry bodies to clarify how the legislation will be interpreted in practice. The programme will allow for a robust testing period from the start of 2018 that will enable SSP and our customers to be ready and compliant by the time the regulations come into force in May.
As we continue to work through this programme, we will keep you informed of the latest developments through regular updates.
As well as reviewing the 12 steps to take now on the ICO’s website, you may wish to limit the risk of other breaches of the GDPR when it comes into force in 2018.
This article is an extract from SSP eye issue 10
About the Author
Company Secretary and Data Protection Officer — Richard has more than forty years’ experience of working in the IT services sector, for the most part serving the financial services industry. Richard sits on the main SSP management group, and is Company Secretary for all of the SSP group companies in the UK. He is head of Legal and Commercial for the worldwide SSP business, as well as being in charge of compliance and was appointed SSP’s Data Protection officer in 2017.More content by Richard Forrest