  Helping LEAD Independent Lives

GDPR Centre



What is GDPR?

In 2012, the European Commission began a process to reform Europe's existing data protection laws by proposing a new data protection regulation to replace the current Data Protection Directive. GDPR was agreed and adopted in 2016 and took effect on 25 May 2018.

GDPR aims to make data protection regulations:

More relevant

Updating EU data protection standards to make them more suitable for today's world

More comprehensive

Remedying some of the perceived deficiencies of the current Data Protection Directive

More unified

Achieving a better, more harmonised standard of data protection throughout the EU


What does GDPR change?

GDPR means significant change, but it’s a great opportunity for companies to take stock of their current data processing activities and make sure they’re protecting customer data appropriately.

Demonstrable compliance

While many organisations already do the right thing when it comes to personal data, GDPR requires organisations to document and be able to show how they comply with data protection requirements. This means additional documentation of systems, processes and procedures.

Enhanced rights

On top of existing rights in the EU, like the right to access and correct personal data held by an organisation, GDPR introduces new data protection rights for individuals such as the right to obtain and reuse personal data across different services, and the right of erasure.

Privacy by design

Organisations must implement technical and organisational measures to show they have considered and integrated data compliance measures into their data processing activities. This builds on the idea that privacy should be considered from the start of, and throughout, the systems and product design process.


What does GDPR mean?

Although GDPR might seem scary at first, many see it as a positive step forward for data protection.

Some of the key areas GDPR covers are:

  • personal data about EU-based people (absolutely all of it) 

This includes our customers, employees, suppliers and any other individual we collect personal data from. Personal data includes names, contacts, medical information, credit card or bank account details and more.

  • how we collect personal data

We can only collect personal data if we have a legal reason to do so. We might need it for an application, for example. In all cases, we must make it clear what the personal data will be used for – and only use it for that purpose.

  • user contracts and terms and conditions (on websites, for example)

These need to be simple, clear and easy to understand – with no complicated legal text.

  • the right to know

Individuals can ask a business what information is being held about them. This isn’t a new right, but organisations must now respond within one month and can’t charge a fee (which they used to be able to do).

  • the right to erasure

People can ask a company to delete all stored personal data about them, unless the company needs to keep that information for legal reasons, such as tax.

  • data portability

Individuals can request a digital copy of their personal data to use however they like, including transitioning to a new service provider.

  • data breach

We’re obliged to report certain types of data breach to the Information Commissioner’s Office.