Jargon Busting The GDPR
Much is being written about the General Data Protection Regulation, which comes into force in May 2018. Some of that content uses jargon that needs to be explained.
Privacy by design
An approach to projects that promotes privacy and data protection compliance from the start. This has always been an implicit requirement of the data protection principles, but the GDPR makes it an express legal requirement.
Privacy impact assessments/data privacy impact assessment/PIAs/DPIAs
All of these terms describe the same thing. A privacy impact assessment is a tool to help an organisation identify the most effective way to comply with its data protection obligations and to meet individuals' expectations of privacy. A PIA is an integral part of taking a privacy by design approach and will enable an organisation to systematically and thoroughly analyse how a project or system will affect the privacy of the individuals involved.
Right to be forgotten
The right of an individual to require that a data controller deletes all information relating to that individual where the data is no longer required; where the data has become irrelevant; where the individual withdraws consent to the processing of that information; or where the data is unlawfully processed.
Right to data portability
This is the right of individuals to obtain and reuse their personal data across different services.
Data Protection Officers
The individual responsible for compliance and training, who must be the first point of contact for all matters relating to data privacy. A data protection officer or DPO must be appointed by public authorities; organisations carrying out large-scale and systematic monitoring of individuals; or organisations that carry out large-scale processing of special categories of data or data relating to criminal convictions and offences.
For more information on the GDPR and how it may affect your business, please Talk to Tollers on 01604 258558 and ask to speak to Liz Appleyard in our Commercial Team.