In the past two weeks Mark Hardman from Computer Bright Ltd ran a training session on the new regulations coming out in May this year.
The session was well attended and invoked a lot of discussion and questions about what needs to be done. Certainly there will be is a step change from the existing Data Protection Act and impacts on all organisations whatever size and or structure. It also empowers the Government i.e. the Information Commissioner’s Office to be able to carry out audits of organisations at any time.
So what did it cover? In short this is what was said:-
- The new regulation will come in to force on 25th May 2018
- There will be increased powers of audit by the Information Commissioners Office (and they are recruiting more staff!)
- The regulation seeks to further protect peoples information. That covers information that is directly a record of personal detail (e.g. name and telephone number) and information that is kept indirectly (e.g. within an email or on a list)
- It requires organisations to state the purposes for holding information and the purposes need to be specific and explicit
- Consent from the individual needs to be obtained for each purpose.
Individuals will have the:-
- Right to access their information
- Right to be forgotten
- Right to information about the use of data
- Right to have information corrected or rectified.
Feedback from the first session has been excellent and Mark or his Company may be able to deliver some further sessions. So if you are interested then please let us know at Sobus: firstname.lastname@example.org ”