Currently, the Data Protection Act 1998 (DPA) controls how personal information is used by organisations and businesses.
On the 25 May 2018 this will be replaced by a new piece of legislation called the General Data Protection Register (GDPR).
This blog article accompanies the new CPD course going through several of the key changes between the Data Protection Act and the GDPR that you need to be aware of.
Don't delay as you will almost certainly have to make changes.
The GDPR will be enforced from 25 May 2018. UK organisations that process the personal data of EU residents have only a short time to ensure that they are compliant.
Introduced to keep pace with the modern digital landscape, the GDPR is more extensive in scope and application than the current Data Protection Act (DPA). The Regulation extends the data rights of individuals, and requires organisations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organisational measures.
- The definition of personal data is broader, bringing more data into the regulated perimeter
- Consent will be necessary for processing children’s data
- The rules for obtaining valid consent have been changed
- The appointment of a data protection officer (DPO) will be mandatory for dental practices
- Mandatory Data protection impact assessments have been introduced
- There are new requirements for data breach notifications
- Data subjects have the right to be forgotten
- There are new restrictions on international data transfers
- Data processors share responsibility for protecting personal data
- There are new requirements for data portability
- Processes must be built on the principle of privacy by design
Penalties under the GDPR
The Regulation mandates considerably tougher penalties than the DPA: organisations found in breach of the Regulation can expect administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater.
Fines of this scale could very easily lead to business insolvency.
How can ProDentalCPD help
Take our this will go into the implications and responsibilites in more detail.
Posted by Robert