You are likely to be aware by now of the changes to data protection law coming into force on the 25th May 2018.
The General Data Protection Regulation (GDPR) is Europe's new set of rules to protect personal data collected and used by businesses. The new framework gives greater protection and rights to individuals and places obligations on businesses for better data management.
- Make it simpler to withdraw consent for the use of personal data
- Allow people to ask for their personal data held by companies to be erased
- Enable parents and guardians to give consent for their child’s data to be used
- Require ‘explicit’ consent to be necessary for processing sensitive personal data
- Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
- Update and strengthen data protection law to reflect the changing nature and scope of the digital economy
- Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them
- Make it easier for customers to move data between service providers
- New criminal offences will be created to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data
If you are interested in more, the ICO has produced an information leaflet which I have based my plans on - https://ico.org.uk/media/1624219/prepar ... -steps.pdf
FAQs - https://www.healthandsafetytips.co.uk/faq