31 Jan 2017
New data protection rules are coming in next year that will increase the requirements when dealing with a customer’s personal information.
The General Data Protection Regulation (GDPR) will replace the Data Protection Act (DPA) from May 25, 2018, and there are plenty of new rules that could affect agency work.
As under the DPA, businesses must protect data under GDPR and face fines or imprisonment for failing to do so.
However, the new regulations extend the definition of personal information to also include IP addresses and biometric passwords. So if someone signs into an app using fingerprint technology, this would need to be secure.
The rules apply to all data held about employees, prospects, customers, suppliers or anyone else.
Firms will also need to show the legal basis for storing data, such as asking for permission.
Under the new rules, individuals can also ask for personal data to be removed, and any data breaches must be reported to a relevant supervisory authority and to the customer if there is a risk to their freedoms.
The new regulations are the result of a new EU directive, but the Information Commissioner’s Office says they will still apply to the UK even after Brexit.