General Data Protection Regulations (GDPR)
What is GDPR?
GDPR stands for the new EU General Data Protection Regulations, which come into force on 25 May 2018.
The new Regulations will replace the current Data Protection Act (1998).
Consent can be used as a legal basis for processing personal data but it must be freely given, specific, informed and an unambiguous indication of your wishes.
This means that the council must obtain your permission to hold your contact details and use them only to contact you for the purposes you have authorised. It also means that the council has a duty to protect your data.
The GDPR creates new rights for individuals and strengthens existing rights currently in force under the Data Protection Act. These are:
- the right to be informed, i.e. the information which needs to be supplied to you at the point of collecting your data
- the right to obtain access to the personal data held
- the right to have personal data rectified if it is found to be inaccurate or incomplete
- the right to be forgotten, i.e. requesting that all data relating to you is deleted
- the right to ask for the processing of personal data to be restricted, i.e. where you contest the accuracy of the data held and processing is restricted until the accuracy is rectified
- the right to object to certain types of data processing and to direct marketing
Compliance and breaches
The Information Commissioner can impose fines for breaching GDPR, and the council may be fined up to a maximum of 20,000,000 euros (approximately £17 million).