You are now able to access a range of sector-specific support on the topic of General Data Protection Regulation (GDPR), to find out how it affects your business and what you need to do to be compliant.
This is what’s on offer over the next 12 months:
• Mini-audits of your business. These are available on a first come, first served basis.
• A dedicated, email helpline for GDPR enquiries at email@example.com
• COMING SOON. An easy read guide with sector-specific information.
• Feedback and frequently asked questions. Please scroll to the bottom of this page.
• Experts available to help at our masterclasses and workshops. Click here
These services are being delivered by Suffolk-based TDP Direct Marketing, whose key areas of experience are compliance and direct marketing data, supporting and helping organisations to de-risk their businesses.
Staff from TDP will be also be attending Care Development East masterclasses and workshops where they will be available to talk to you during the breaks and at the end of the sessions and answer your GDPR questions. Every month, TDP will give us feedback on your main concerns and GDPR issues and we’ll be reporting those FAQs on this page.
A reminder about our GDPR email helpline. It’s just for your GDPR questions but you will get a helpful response answered between 24 to 48 hours. Send your query to firstname.lastname@example.org
Any other queries, email email@example.com
Q. What is GDPR?
A. The General Data Protection Regulation (GDPR) is a Europe-wide law that came into effect on 25th May 2018. It replaced the Data Protection Act 1998 in the UK. It is part of the wider package of reform to the data protection landscape that includes the Data Protection Bill. The GDPR sets out requirements for how organisations will need to handle personal data. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
Q. What information does GDPR apply to?
A. The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
There are additional rules in the GDPR for organisations processing special category data. This includes information about an individual’s health.
Personal data only includes information relating to natural persons who:
Personal data may also include special categories of personal data or criminal conviction and offences data. These are considered to be more sensitive and you may only process them in more limited circumstances.
Pseudonymised data can help reduce privacy risks by making it more difficult to identify individuals, but it is still personal data.
Information about a deceased person does not constitute personal data and therefore is not subject to the GDPR.
Information about companies or public authorities is not personal data. However, information about individuals acting as sole traders, employees, partners and company directors where they are individually identifiable, and the information relates to them as an individual may constitute personal data.
Q. Do I need to register with the Information Commissioners Office?
A. If you were registered under the Data Protection Act 1998, then you will probably need to pay a relevant fee, under the Data Protection (Charges and Information) Regulations 2018.
The new Regulations came into force on 25 May 2018. This doesn’t mean everyone has to pay the new fee on that date. Data controllers who have a current registration (or notification) under the 1998 Act, do not have to pay the new fee until that registration has expired.
Q. How do I know if I should be authorised?
A. The Information Commissioners Office have a simple self-assessment tool available to all organisations. https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/
By answering a few simple questions using this link, you will find out whether or not your organisation is required to be authorised.
** Registration precedes Authorisation.