CoB getting ready for the GDPR
New legislation comes into force in May 2018 and whilst this might seem a long way away, you need to start preparing for it now, as this affects your business. The Information Commissioner's Office (ICO) has prepared the following guidance for organisations (clubs and schools alike): Getting ready for the GDPR.
Key aspects that you need to consider are:
- Know what personal data your business holds and how you process it. This includes your after school booking system amongst other areas of your business, i.e. email, email distribution lists (MailHop, MailChimp, etc)
- Ensure privacy statements are up to date on your website and after school booking system (within terms and conditions). Refer to the ICO's Privacy notices, transparency and control.
- Individuals' rights, specifically the right of access and right to be forgotten. You will need to be able to provide personal data electronically on request, as well as have the ability to erase it. In general, data processed via the after school booking system is for the performance of a contract / service, but consideration should be given to personal data used for email distribution and marketing purposes.
- You will no longer be able to charge for subject access requests and have forty days to respond, although you can refuse or charge for requests that are manifestly unfounded or excessive.
- You need to identify the lawful basis for any processing activities and document it (including updating your privacy notice).
- Consent must be freely given, specific, informed and unambiguous with positive opt in, i.e. no longer can terms and conditions be pre-ticked. Refer to the ICO's GDPR consent guidance.
- GDPR brings in special protection for children's personal data.
- Procedures for data breaches must be in place and the onus is on your business to ensure data protection is "by design and by default". Data Protection Impact Assessments new technology is being deployed.
- You must ensure you designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation's structure and governance arrangements.
Whilst Ayrmer Software is not a specialist and is unable to provide legal advice (for obvious reasons), we would be happy to point clients in the right direction and help with any technical implementations. We'll be working on ensuring our after school booking system is compliant before May 2018, so that is one less thing for you to worry about!