General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a new EU regulation which will come into force on 25th May 2018. Building on the 1995 EU Data Protection Directive (DPD), which it will replace, the GDPR aims to improve protection of EU citizens’ personal data. This will be done by increasing the rights of data subjects, raising the obligations of businesses who collate and process personal data, and putting into place tougher penalties for anyone found to be breaking these new laws.
A lot of questions have been raised around the relevance of GDPR when Brexit is implemented, but Brexit has no effect on the need for UK businesses to comply with GDPR. The UK Government published the draft Data Protection Bill 2017 in September 2017; this brings all of GDPR into UK law and alters some key parts, such as the age of minors included. There are no material changes or exclusions from the full EU version and so no time should be lost in starting the journey to GDPR compliance.
Data protection principles
The previous law (the 1995 EU Data Protection Directive) set out the eight data protection principles which organisations have been using to govern how they collect, use and store personal data for more than two decades. The new legislation (GDPR) expands these existing principles. The principles are:
Obtain and process the personal data fairly
Keep it only for one or more specified and lawful purposes
Process it only in ways compatible with the purposes for which it was given to you initially
Keep it safe and secure
Keep it accurate and up-to-date
Ensure that it is adequate, relevant and not excessive
Retain it no longer than is necessary for the specified purpose or purposes
Give a copy of their personal data to any individual on request
What has changed?
An EU directive (like the previous law) sets out a goal that all EU countries must achieve, but the EU leaves it up to individual countries to devise their own laws to help them meet the stated goal. By contrast, an EU regulation – like the GDPR – is a binding law which applies to all EU member states in its entirety.
There have also been a number of changes made to the existing law under the GDPR. The most important changes to the EU law on data protection that the new GDPR will make for individuals' rights are listed below:
1st Care Training Limited's GDPR Commitment
As we approach May 2018, 1st Care is focused on GDPR compliance efforts. During this implementation period we are continually evaluating new requirements and restrictions imposed by the GDPR and will take any necessary actions to ensure that we handle customer data in compliance with the applicable law by the deadline. We'll be keeping this page updated and sharing content over the coming months on the changes to our terms and operations that we are implementing.
At 1st Care, we strive to deliver an incredible learning experience, earning the trust of students and employers within the Eastern Region. We will continue to make additional required operational changes resulting from the new legislation, and will keep our customers, students, stakeholders and regulatory authorities informed throughout this process. Training has taken place for all Managers and we have appointed a GDPR nominee who is dedicated to the continual preparation to become GDPR compliant.