GDPR - what do you need to consider?

Jane Bennett

Marketing Manager
01/03/2017

From May 2018, you will need to prove you have consent from an individual in order to store and use their information. As this is not a requirement currently under the DPA, this is likely to be a big challenge for many businesses. 

• You may need to simplify the language you use in order to obtain consent and you will need to clearly and transparently show how that consent was acquired and exactly what you acquired it for. Any business that cannot show this will have their data processing activities shut down.
• You will not be able to hold any data for longer than you need to and you will not be able to change the use of that data from the original purpose for which is was collected.
• GDPR introduces the right to be forgotten, which means you must delete completely any data held on an individual if they ask you to do so
• Public Authorities and certain kinds of companies will be required to appoint a data protection officer (DPO), when “core activities” require “regular and systematic monitoring of data subjects on a large scale” or consist of “processing on a large scale of special categories of data”.
• You must design all projects (and software if you build it) with privacy in mind

Look out for our next blog GDPR - WHAT SHOULD YOU BE DOING