It was T-minus 360 days on Tuesday, so we’re a few days
closer to the point at which we must comply with the new General Data
Protection Regulation (GDPR). This is a piece of European Union legislation
that was passed in 2016, and that will be enforced from the 25th of
May next year. (And it looks like Brexit won’t impact on whether we, in the UK,
need to be compliant – if the UK wants to continue to share data with EU countries
then we’ll need to meet the requirements of this new legislation.) The GDPR is
designed to provide increased protection to personal data (anything from your
name to your IP address) and give more rights to the individual over where
their personal data is held and what it can be used for. For anyone who wants
to find out more about GDPR there are handy intros on Wikipedia (https://en.wikipedia.org/wiki/General_Data_Protection_Regulation) and the Information Commissioner's Office website (https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/introduction/).
And with this countdown in mind, and to learn more about how
GDPR might impact on the archive, Tuesday was spent at a training day to
prepare for GDPR and, what the conference organisers termed, ‘the regulation
revolution’. It was no small challenge to attend, with a trek across the
Greater Manchester area on a number 67 bus and a quick sprint down the side of
a dual carriageway to get to the venue! But once there, there were lots of
opportunities to learn about some of the detail in the GDPR and get some guidance
on the next steps to prepare for May 2018. One of the most helpful talks gave three
main pointers: 1. examine where you store data and where it goes; 2. determine
the legal basis for holding any personal data and if you don’t have a legal
basis, or the consent of the individual, then you can no longer hold the
information; and 3. maintain a record of the decisions you make that support
your compliance.
One of the key messages of the day was that if an
organisation is already compliant with the Data Protection Act (which we are!)
then they are already well on the way to being compliant with the GDPR. So all-in-all
a useful day: educational and reassuring, oh and there were chips for lunch!
No comments:
Post a Comment