General Data Protection Regulations: August

<< JULY EDITIONSEPTEMBER EDITION >>

23rd August 2017
Derby Office Icon


By now you should have undertaken your personal data inventory and be clear what is your legal basis for processing personal data under the GDPR. This month is a good time therefore to carry out a data cleansing exercise to delete any personal data you no longer require or have no legal basis for processing.

The principles of data protection under the GDPR (and the Data Protection Act), emphasise the need to ensure data is relevant, accurate and not excessive or kept for longer than is necessary.

Your organisation therefore needs to consider why it needs to keep personal data and should ensure that any retention periods decided upon can be justified and are set out in a data retention policy.

You should consider your organisation’s data deletion processes. Is data deleted completely from your systems or will it remain archived? If so, consideration should be given as to the rationale for retaining archived data and this should be built into your organisation’s data retention policy.

A data retention policy will also be helpful when you come to update your privacy notices, as under the GDPR, privacy notices must include detail of the period for which personal data will be stored or the criteria used to determine that period.

If you would like any further information about the GDPR and how it might affect your organisation, please download our Geldards Guide or if you would like to discuss how Geldards can help with training on the GDPR, please do not hesitate to contact our Information Law Team.

RELATED:INFORMATION LAW >>GELDARDS GUIDE TO GDPR >> EMPLOYMENT >>


MORE FROM THE ADVICE CENTRE

Blogs

Cyber-Security Issues &amp;&#160;Increased Obligations under the GDPR
15/02/2017
The National Cyber Security Centre (NCSC) opened this week and is promised to be the “authoritative voice on information security in the UK”.
more...

Publications

Geldards Guide to General Data Protection Regulations (GDPR)
27/01/2017
The General Data Protection Regulation (‘GDPR’) is the new EU data protection framework replacing the current Data Protection Directive implemented in the UK by the Data Protection Act 1998.
more...

PARTNER

Lowri Phillips

LOWRI PHILLIPS

Partner, Cardiff

+44 (0)29 2039 1758
email
more...

HEAD OF KNOWLEDGE MANAGEMENT

Hayley Lewis

HAYLEY LEWIS

Head of Knowledge Management, Cardiff

+44 (0)29 2039 1785
email
more...

PROFESSIONAL SUPPORT LAWYER

Helen Snow

HELEN SNOW

Professional Support Lawyer, Cardiff

+44 (0)29 2039 1497
email
more...