New data protection regulation for UK and EU based IFPA members and schools
On 25th May 2018 the General Data Protection Regulation (GDPR) will replace current EU legislation on how personal data is protected. In the UK, it also replaces the Data Protection Act 1998. The aim is to make data collection rules consistent across the EU.
This means that if you process data on individuals in the context of selling goods or services to citizens in EU countries you will need to comply with the GDPR.
For our UK members, regardless of what happens with Brexit, it’s important to note that the GDPR will still apply for non-EU companies who processes personal data of those living in the EU.
In addition, it is the intention of the UK Government to strengthen UK data protection law by introducing a new Data Protection Bill which will bring the GDPR into UK law, maintaining consistent treatment of data post Brexit.
One of the biggest considerations of the new regulations is making sure ‘sensitive data’ is handled correctly, individuals must actively give consent for their data to be collected and understand what information is being collected, and specifically what it is being used for.
The IFPA is currently considering what these changes may mean for the organisation and its members, and will offer some basic guidance to members in due course.