The Data Protection Act 1998 currently controls the way in which organisations can use personal information. The General Data Protection Regulation (GDPR) was approved in 2016 and comes into force on 25 May 2018. GDPR will be directly applicable as law in the UK.
It will replace the Data Protection Act 1998, which will be repealed or amended. It is expected that the provisions of the GDPR will remain in force post-Brexit, and for the foreseeable future; although this is yet to be confirmed and will depend on the way Brexit is implemented.
The new rules, which apply across all EU member states, are intended to help protect the privacy and rights of individuals, and ensure that they understand what personal information an organisation holds on them, how it will be used and when it should be deleted.
For some organisations the changes are significant and wide-reaching in scope. The new law brings a 21st century approach to data protection. It expands the rights of individuals to control how their personal information is collected and processed, and places a range of new obligations on organisations to be more accountable for data protection.
For the trust the principles of data protection remain similar, however there is greater focus on evidence-based compliance with specified requirements for transparency, more extensive rights for individuals and considerably harsher penalties for non-compliance.
The trust is currently reviewing all current information governance processes and policies to ensure that we are compliant with the new regulations.
Some of the pages on the HRCH web site will change to ensure they are compliant with GDPR and will clarify what happens to personal data once we have received it. The pages that are changing include:
- Privacy notices - we will give more detail on what we do with your data and why
- We will give you the contact details for someone who you can talk to in the trust about your data.
- Where we rely on your consent to share information, we will ensure that this has been given explicitly and that you are fully informed on how we will use and share the data
- Access to records – we will tell you if your data is being processed by the trust and ensure that our processes are robust to allow you access to your data. The first copy will now be free of charge
- Setting out a clear process on how you can ask us to rectify, delete, restrict or object to the way your data is used
- A clear complaints process regarding the use of your data and the route to complain to the information commissioner’s office
If you have any questions, please contact Information.firstname.lastname@example.org.