General Data Protection Regulation (GDPR) will come into force on 25th May 2018
By now, you may have heard that GDPR is on its way. Here is a quick and easy guide to what GDPR is and how it will affect you.
GDPR will bring the Data Protection Act into the 21st century by seeking to protect individuals from inappropriate or unauthorised sharing of data. It creates new rights for individuals and strengthens rights which currently exist under the Data Protection Act 1998 (DPA).
GDPR gives people more say over what companies can do with their data. It also makes data protection rules more or less identical throughout the European Union.
GDPR provides the following rights for individuals:
|The right to be informed|The obligation to provide “fair processing of information”, as detailed through a privacy note. This emphasises the need for transparency over the use of personal data.|
|The right of access|This clarifies the reason for allowing individuals to access their personal data so that they are aware of and can verify the lawfulness of the processing.|
|The right of rectification|Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.|
|The right to erasure|Also known as “the right to be forgotten”. This allows an individual to request the deletion or removal of personal data where there is no reason for its continued processing.|
|The right to restrict processing|Individuals have a right to “block” the processing of personal data. When processing is restricted, you are permitted to store the personal data, but not process it.|
|The right to data portability|Allows individuals to obtain and reuse their personal data for their own purposes across different services.|
|The right to object|Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest, direct marketing, processing for purposes of scientific/historical research and statistics.|
|Rights in relation to automated decision making and profiling|GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.|
As a registered housing association, Connswater Homes holds a large amount of sensitive information on individuals. In terms of collecting personal data we are obliged to:
- enhance personal privacy – more rights for service users
- define the processes in place for dealing with data
- be more transparent as to why and how we use personal data
- comply with the new regulations or face a financial penalty.
The new regulation makes a number of activities mandatory for all organisations, such as:
- the requirement to update policies and procedures to reflect the requirements of GDPR. This will require changes to how organisations obtain and use consent, and to how information is stored
- providing new and existing staff with suitable training and awareness, as well as additional sources of guidance and support when required
- conducting Data Protection Impact Assessments (DPIA) in order to design data privacy into any new systems and processes. This is of particular importance if new technology is being deployed, where there is large-scale processing of data.
As a landlord, Connswater Homes can legitimately request a range of information from tenants in relation to personal data. The Association can collect personal data in the form of opinions and intentions regarding tenants. A summary of personal data may be collected by landlords directly and from third parties, and a landlord may use a range of forms to request various documents.
Under GDPR, individuals must provide their consent. The consent must be separate from other terms and conditions, with a simple process in place for people to withdraw their consent. We have enclosed with this issue of the Connswater Chronicle a consent form and a return envelope for all tenants to complete and return to us as soon as possible.
Connswater Homes will keep a record of your consent and will review it on a regular basis to ensure that the processing and purpose have not changed.