T-360 days…and counting!

It was T-minus 360 days on Tuesday, so we’re a few days closer to the point at which we must comply with the new General Data Protection Regulation (GDPR). This is a piece of European Union legislation that was passed in 2016, and that will be enforced from the 25^th of May next year. (And it looks like Brexit won’t impact on whether we, in the UK, need to be compliant – if the UK wants to continue to share data with EU countries then we’ll need to meet the requirements of this new legislation.) The GDPR is designed to provide increased protection to personal data (anything from your name to your IP address) and give more rights to the individual over where their personal data is held and what it can be used for. For anyone who wants to find out more about GDPR there are handy intros on Wikipedia (https://en.wikipedia.org/wiki/General_Data_Protection_Regulation) and the Information Commissioner's Office website (https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/introduction/).

And with this countdown in mind, and to learn more about how GDPR might impact on the archive, Tuesday was spent at a training day to prepare for GDPR and, what the conference organisers termed, ‘the regulation revolution’. It was no small challenge to attend, with a trek across the Greater Manchester area on a number 67 bus and a quick sprint down the side of a dual carriageway to get to the venue! But once there, there were lots of opportunities to learn about some of the detail in the GDPR and get some guidance on the next steps to prepare for May 2018. One of the most helpful talks gave three main pointers: 1. examine where you store data and where it goes; 2. determine the legal basis for holding any personal data and if you don’t have a legal basis, or the consent of the individual, then you can no longer hold the information; and 3. maintain a record of the decisions you make that support your compliance.

One of the key messages of the day was that if an organisation is already compliant with the Data Protection Act (which we are!) then they are already well on the way to being compliant with the GDPR. So all-in-all a useful day: educational and reassuring, oh and there were chips for lunch!