New rules relating to how we all collect and process personal data – the EU General Data Protection Regulation (GDPR) – come into effect from the 25th May 2018. GDPR aims to streamline and unify data protection laws across the EU and will replace the previous 1995 data protection directive which current UK law is based on.
GDPR is the biggest change to data protection rules in 20 years with wide ranging consequences for an organisation as large and complex as Bristol City Council. Under GDPR the council must:
- Comply with the enhanced rights for individual’s given to them under GDPR including the right to have data sent in machine readable format to another organisation in certain circumstances
- Comply with subject access requests within the reduced time frame of 30 days
- Always use an alternative basis for processing other than consent where possible, consent can no longer be gained by the use of ‘opt outs’, an individual must now ‘opt in’ to give consent
- Provide extra information to individuals when collecting their data in a privacy notice
- Demonstrate compliance with data protection laws by keeping records of our processing activities
- Appoint a statutory Data Protection Officers if the organisation is a public authority, or processes sensitive data or personal data on a large scale
- Report data breaches within 72 hours to the Information Commissioner’s Office where there is a risk to the rights or freedoms of individuals
Craig Cheney, my Deputy Mayor with responsibility for Finance and Performance has set up a project to ensure our compliance and make the required changes in each service area. By the 25th of May deadline we will have to make sure the key building blocks will be in place, which includes new ways to report data breaches a review of key documentation and training for staff. I am grateful to everyone working to make sure the council is compliant, and ensures that we can protect citizen’s data.
For my part I am asking all those who are currently subscribed to this blog if they wish to continue receiving email notifications and consent to us continuing to hold contact details. If you choose to continue receiving email notifications from the Bristol Mayor blog your contact details will only be used for the purpose of keeping you informed in the way you have requested. If you do not re-subscribe before Wednesday 23 May 2018 you will no longer receive email notifications from the Bristol Mayor blog.
A new Privacy Notice has been added to my page, explaining what we do with personal information, how long we will keep it and your right to withdraw consent at any time. If you would like to stay subscribed click on the ‘Follow’ button on the bottom right hand side of the screen, input your email and follow the instructions in the confirmation email you receive afterwards.