What is GDPR and how will it affect your organisation?
The General Data Protection Regulation 2016 (“GDPR”) is the most important change in data privacy regulation in 20 years, and if it’s not already on your organisation’s agenda, now is the time to act.
The aim of GDPR is to protect personal information that any living individual provides to any organisation, including care and nursing homes, care agencies and medical practitioners, and to ensure that the personal information is kept safe and secure and is used appropriately. It will replace the current UK law, the Data Protection Act 1998 (“DPA”). Many believe that the DPA no longer provides appropriate or sufficient protection for an individual’s personal information.
GDPR applies to any organisation that processes personal data relating to a data subject. It applies to all organisations including, for example, public authorities, not-for-profit organisations, limited companies, trusts, charities and sole traders. All organisations must comply with GDPR and may need to take steps and implement new processes and procedures to achieve such compliance by 25 May 2018.
QCS is producing and releasing all the documents you need to support your understanding of what GDPR means for you, and to make sure you are ready and prepared for its arrival. By 25 May 2018, the following policies & procedures will be available on your QCS system:
- GDPR – An Overarching Policy
- Initial Privacy Impact Assessment
- Appointing a Data Protection Officer
- Data Security and Retention
- Website Privacy Policy & Procedure
- Subject Access Requests – Internal Policy & Procedure
- Subject Access Requests – Process Map
- Subject Access Requests – Request Letter
- Breach Notification – Internal Policy & Procedure
- Breach Notification – Process Map
- Fair Processing Notice Policy & Procedure
- Consent Form
- Privacy Impact Assessment (“PIA”)
- Privacy Impact Assessment – An Explanatory Policy