General Data Protection Regulation (GDPR) - preparing your business for the mandated changes ahead
A highly-informative and well-attended event covering General Data Protection Regulation (GDPR) - with the emphasis of a defence perspective, aided by the contributions from the MOD lead, Sandra Gardiner.
- the biggest reform of data protection laws in Europe for decades
- replaces 1995 Data Protection Directive (Data Protection Act 1998 in the UK)
- companies have until 25 May 2018 to comply to implement it into domestic law
- will apply to all data controllers and processors
- GDPR is not the Data Protection Act
- Two major shifts in emphasis: “Privacy by Design” and ownership of personal data rests with the data subject
- any organisation, public or private sector, holding personal data will have to comply
- approx two thirds of GDPR is reflected in current law
- gives data subjects far greater control over how their information is used by organisations
- principles of Transparency and Accountability at the heart of data protection
- its extra-territorial reach is new
- there are still 'unknowns' and further guidance expected from the Information Commissioner's Office
Presentations were from Jeremy Lilley, Programme Manager, Cloud, Big Data & Intellectual Property, techUK and Allen Woods, Chief Executive Officer, The Performance Organisers. The lively and informative Q&A panel session afterwards included Sandra Gardiner, ISS Information Rights Team Leader who represents the MOD on GDPR.
It is evident that GDPR is a topic that defence organisations of all scales will need to address. Expect further information and sessions on this topic in the future.
Added: 23rd November 2017