Well, this is the start of the regulated journey to compliance. Much has been achieved in the just over two years since the GDPR was published in the Official Journal of the European Union, but the data protection landscape is an evolving one.
Even this week we have seen Royal Assent to the UK's new Data Protection Act 2018, which comes into law today alongside the GDPR. It supplements the GDPR, dealing with UK-specific derogations and additions to make it appropriate for application in the UK. It also deals with intelligence services and law enforcement processing, and gives the ICO additional powers.
But much has been said about enforcement. A key principle at the heart of GDPR is providing transparency to "data subjects" - you and me, and our customers, contacts and others about whom we hold personal data. It's also about being able to demonstrate the steps towards compliance you have taken and keeping records of these.
We've been delighted to keep you updated about GDPR through our portal, IHL training sessions, updates and more. If you'd like to receive our GDPR Guidance Tracker which logs the ICO's guidance, European guidance and our articles, simply email [email protected] and ask to be added to our GDPR Guidance Tracker, or sign up to our firmwide topic-based marketing here (or change your preferences). The GDPR Guidance Tracker will be updated shortly to cover the Data Protection Act 2018 as well.
Here are some ways we would like to support you in evolving your compliance for the remainder of 2018 and beyond:
- Resolving the remaining compliance actions you've left until after today - for example, we have template policies and contract documents to assist with this;
- Advising you on breach reporting, and whether the exemptions can be relied upon, or what to say in a breach report;
- Undertaking periodic reviews or audits of your compliance, and determining appropriate methods for resolving issues identified;
- Assisting with Data Protection Impact Assessments (for high risk processing) and/or Legitimate Interests Assessments (for when you use legitimate interests as your legal basis for processing personal data);
- In corporate transactions, checking the data protection status of the target (or preparing the target for sale);
- Assisting you with updating your Accountability principle documents - to show and record how you comply;
- Considering your digital media and marketing compliance; and
- Advising on data subject rights requests, and how to handle and resolve these quickly and efficiently.
We look forward to doing so.