The Office of the Data Protection Commissioner (DPC) has released a guide to the upcoming General Data Protection Regulation (GDPR) that will come into force in May 2018.
The document entitled “The GDPR and You: Preparing for 2018” gives awareness and implementation advice, as well as a checklist, to those preparing for the new regulation.
“The General Data Protection Regulation will come into force on the 25 May 2018, replacing the existing data protection framework under the EU Data Protection Directive,” says the guide.
“As a regulation, it will not generally require transposition into Irish law (regulations have ‘direct effect’), so organisations involved in data processing of any sort need to be aware the regulation addresses them directly in terms of the obligations it imposes. The GDPR emphasises transparency, security and accountability by data controllers, while at the same time standardising and strengthening the right of European citizens to data privacy.”
The guide says the office of the (DPC) is aware of anxieties as a result of the increased obligations the regulation places on organisations. The guide aims to alleviate some of those concerns, said the DPC, and facilitate a smooth transition to future data privacy standards for data controllers and data subjects alike.
The guide advises that many of the main concepts and principles of GDPR are much the same current Data Protection Acts 1988 and 2003 (the Acts), reminding organisations that if they are currently compliant, then much of that approach will remain valid under the GDPR.
“However,” the guide says, “GDPR introduces new elements and significant enhancements which will require detailed consideration by all organisations involved in processing personal data. Some elements of GDPR will be more relevant to certain organisations than others, and it is important and useful to identify and map out those areas which will have the greatest impact on your business model.”
It is essential that all organisations immediately start preparing for the implementation of GDPR by carrying out a “review and enhance” analysis of all current or envisaged processing in line with GDPR, the guide warns.
This will allow time to ensure adequate procedures are in place to deal with the increased transparency, accountability and individuals’ rights provisions, as well as optimising the approach to governance and to manage data protection as a corporate issue. It is essential to start planning your approach to GDPR compliance as early as you can, and to ensure a cohesive approach amongst key people in your organisation.
“The sooner you begin to prepare for the GDPR, the more cost-effective it will be for your organisation,” says the guide.
The full guide is available from the DPC web site.
TechCentral Reporters
Subscribers 0
Fans 0
Followers 0
Followers