Data protection across the European Union (EU) is changing next year: on 25 May 2018 a new regulation takes effect to harmonise data protection across member countries. The new regulation is called the General Data Protection Regulation (GDPR).
RookMay has been providing data protection services and audits to this pharmaceutical client for 3 years now, and this year's audit focused on preparing the client for GDPR compliance.
The client holds a lot of HR data and scientific information for long retention periods, has intellectual property (IP) to protect and secure, and needs to properly capture, maintain, store, process (with multiple third-party companies) and destroy that information in an audited manner. The timely audit was therefore essential in identifying practical actions and recommendations to get right in preparation for May 2018.
RookMay is a specialist consulting and training services company based in London, UK and has been running independent information compliance, document management and cyber security services and training since 2002.
About the General Data Protection Regulation (GDPR)
The GDPR will apply in the UK from 25 May 2018. Key points:
- The GDPR applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the Data Protection Act (DPA), i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf.
- If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR.
- The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.